Openfire 4.01 and TLS 1.2

I’d like to get Openfire working with TLS 1.2.

I am running Openfire 4.01 on a Windows box.

Java Version:
1.8.0_66 Oracle Corporation – Java HotSpot™ Client VM

If I try to use TLS 1.2 the Spark clients just time out and bad username or password. TLS 1.1 does the same. TLS 1.0 works fine.

Please check this page in the Admin Console: Server > Server Settings > Client Connections > Advanced configuration (in the 'Plain-text (with STARTTLS) connections' box).

It lists which encryption protocols are available for client connections. If TLS is listed, but not enabled, please enable it there.

If TLS 1.2 is already listed there, then the problem is likely with your client (perhaps running on an old version of Java).

“If I try to use TLS 1.2 the Spark clients just time out and bad username or password. TLS 1.1 does the same. TLS 1.0 works fine.”

Admin Console: Server > Server Settings > Client Connections > Advanced configuration is where I was changing the settings and testing. The client has Java 8_40 when I look at it through the Windows Control Panel.

When the Admin Console lists TLS 1.1 and 1.2, then it’s most likely a client issue (or an issue in which both sides understand the protocol, but cannot agree on a cipher suite). I am somewhat puzzled by the timeout though (I’d expect an error of sorts - anything in the log files?). Have you tried installing the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files?

I bet this is more of an issue with Spark than with OF.

created

[SPARK-1694] Spark will not connect using TLSv1.1 or TLSv1.2 - Jive Software Open Source

What version of Spark are you using, and what version of Java is it using? I just tested this with the latest version of Spark and Openfire, and can connect with TLSv1.2 without any problem (with a vanilla Openfire configuration).

Spark 2.7.3 Build: 715

The only thing in the Spark client log when I go to help->view logs is:

Feb 08, 2016 9:47:28 PM org.jivesoftware.spark.util.log.Log error

SEVERE: Profile contains wrong format: “dan” located at: C:\Users\admin\AppData\Roaming\Spark\user\dan

Feb 08, 2016 9:47:28 PM org.jivesoftware.spark.util.log.Log error

SEVERE: Profile contains wrong format: “peggy” located at: C:\Users\admin\AppData\Roaming\Spark\user\peggy

I am not sure how to check what version of Java the Spark client is using. Through the Windows Control Panel, Java 8_40 (build 1.8.0_40-b26) is installed.

In Spark, you can click help>about.

lol, sorry I missed that:

JRE Version: 1.7.0_76

So I think in 1.7, I read, there is something I have to do to enable it?

Either that or get it to use 1.8.

You can either update Spark to the latest version, which should also include a new JRE, or, in your Spark folder, rename the folder “jre” to something like jre_old and launch Spark. This will make Spark use the system Java installation.

I have confirmed this to be related to Java 7. Updating Java to Java 8 should resolve this.

Both of those methods got Spark on JRE 1.8.

I cannot test it right now because it is a live environment, but I think it will work after this change. I will test it in a few hours.

edit: confirmed working.
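
Added example, not part of the thread and not Spark or Openfire code: a small diagnostic that shows which TLS versions a given JRE enables by default for client connections, which is the difference between Java 7 and Java 8 behind this thread (Java 7 supports TLSv1.1 and TLSv1.2 but leaves them disabled for clients unless the application turns them on). The class name `TlsClientDefaults` and the `SERVER_ALLOWS` list are constructed for illustration; set the list to what the Admin Console shows as enabled.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

// Added diagnostic (not from the thread). Written in Java 7 syntax so it can
// be compiled for, and run on, the same JRE the client uses.
public class TlsClientDefaults {

    // Constructed sample: protocols the server side is assumed to accept.
    static final List<String> SERVER_ALLOWS = Arrays.asList("TLSv1.1", "TLSv1.2");

    // Protocols from 'offered' that the server would also accept.
    static List<String> common(String[] offered, List<String> accepted) {
        List<String> out = new ArrayList<String>();
        for (String p : offered) {
            if (accepted.contains(p)) out.add(p);
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("java.home    = " + System.getProperty("java.home"));

        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        engine.setUseClientMode(true); // switch the engine to client-side defaults

        String[] supported = engine.getSupportedProtocols();
        String[] enabled = engine.getEnabledProtocols();
        System.out.println("supported by this JRE:       " + Arrays.toString(supported));
        System.out.println("enabled by default (client): " + Arrays.toString(enabled));

        List<String> byDefault = common(enabled, SERVER_ALLOWS);
        if (!byDefault.isEmpty()) {
            System.out.println("OK: default client settings share " + byDefault + " with the server");
            return;
        }
        // Nothing in common by default: is the protocol missing, or only switched off?
        List<String> ifEnabled = common(supported, SERVER_ALLOWS);
        if (ifEnabled.isEmpty()) {
            System.out.println("FAIL: this JRE cannot speak any protocol the server accepts");
        } else {
            engine.setEnabledProtocols(ifEnabled.toArray(new String[0]));
            System.out.println("FAIL by default: " + ifEnabled + " are supported but not enabled;"
                    + " after enabling explicitly: " + Arrays.toString(engine.getEnabledProtocols()));
        }
    }
}
```

Run it with the `java` binary of the JRE the client actually uses (for Spark, the one in its “jre” folder if present), since the system Java and the bundled one can differ, as they did here.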