TLS handshake error (freezes Gajim for minutes)
Hi,
My Gajim client is on Windows 10 (21H2), the ejabberd server is on 21.01-2 using Let's Encrypt certs, and every Gajim version after 1.3.2 is unable to connect (causes Gajim to freeze and go into "Not Responding" mode). This occurs with both STARTTLS (port 5222) and Direct TLS (port 5223) server settings, using these server-side settings:
# TLS configuration
define_macro:
  'TLS_CIPHERS': "HIGH:!aNULL:!eNULL:!3DES:@STRENGTH"
  'TLS_OPTIONS':
    - "no_sslv2"
    - "no_sslv3"
    - "no_tlsv1"
    - "no_tlsv1_1"
    - "cipher_server_preference"
    - "no_compression"
Running Gajim in debug mode shows that the TLS connection is starting and then hangs. A Wireshark capture from the client side reveals that a TLS hello handshake packet was sent to the server (sent by Gajim) and the server responded with a TCP Reset for versions above 1.3.2 but not for <=1.3.2, all of which connect just fine. The ejabberd debug logs do not reveal much other than the client attempting to initiate a connection.
sslscan with "sslscan --xmpp-server fqdn:5223" and "sslscan --starttls-xmpp fqdn:5222" both reveal that the server is able to support TLSv1.2 and TLSv1.3.
Did something change after v1.3.2 that would need to be considered for further troubleshooting?
Thank you.