I am using ejabberd 16.02 and xmpp clients (e.g. Adium on osx) can connect fine without using ssl. But when I try to connect using ssl, I get the error xml-not-well-formed. Here are the last few lines of log file:
2017-05-09 00:53:09.802 [warning] <0.665.0>@gen_mod:validate_opts:255 module 'mod_rest' doesn't export mod_opt_type/1
2017-05-09 00:53:09.802 [debug] <0.665.0>@mod_rest:start:42 Starting: <<"ip-10-233-130-220.ec2.internal">> [{allowed_ips,[<<"127.0.0.1">>,<<"10.233.130.220">>,<<"10.123.160.113">>]}]
2017-05-09 00:53:09.813 [debug] <0.977.0> Supervisor ejabberd_sup started ejabberd_tmp_sup:start_link(ejabberd_c2s_sup, ejabberd_c2s) at pid <0.1221.0>
2017-05-09 00:53:09.813 [info] <0.1222.0>@ejabberd_listener:listen_tcp:189 Reusing listening port for {5222,{0,0,0,0},tcp}
2017-05-09 00:53:09.813 [debug] <0.1011.0> Supervisor ejabberd_listeners started ejabberd_listener:start({5222,{0,0,0,0},tcp}, ejabberd_c2s, [{access,c2s},{shaper,c2s_shaper},{max_stanza_size,524288},{starttls,true},{certfile,<<"/opt/ejabb...">>}]) at pid <0.1222.0>
2017-05-09 00:53:09.813 [info] <0.1223.0>@ejabberd_listener:listen_tcp:189 Reusing listening port for {5269,{0,0,0,0},tcp}
2017-05-09 00:53:09.814 [debug] <0.1011.0> Supervisor ejabberd_listeners started ejabberd_listener:start({5269,{0,0,0,0},tcp}, ejabberd_s2s_in, []) at pid <0.1223.0>
2017-05-09 00:53:09.814 [debug] <0.977.0> Supervisor ejabberd_sup started ejabberd_tmp_sup:start_link(ejabberd_http_sup, ejabberd_http) at pid <0.1224.0>
2017-05-09 00:53:09.814 [info] <0.1225.0>@ejabberd_listener:listen_tcp:189 Reusing listening port for {5280,{0,0,0,0},tcp}
2017-05-09 00:53:09.814 [debug] <0.1011.0> Supervisor ejabberd_listeners started ejabberd_listener:start({5280,{0,0,0,0},tcp}, ejabberd_http, [{captcha,true},{http_bind,true},{web_admin,true},{request_handlers,[{<<"/websocket">>,ejabberd_http_ws}]}]) at pid <0.1225.0>
2017-05-09 00:53:09.814 [info] <0.1226.0>@ejabberd_listener:listen_tcp:189 Reusing listening port for {5285,{0,0,0,0},tcp}
2017-05-09 00:53:09.814 [debug] <0.1011.0> Supervisor ejabberd_listeners started ejabberd_listener:start({5285,{0,0,0,0},tcp}, ejabberd_http, [{request_handlers,[{<<"/rest">>,mod_rest}]}]) at pid <0.1226.0>
2017-05-09 00:53:09.814 [info] <0.665.0>@ejabberd_app:start:76 ejabberd 16.02.79 is started in the node ejabberd@localhost
2017-05-09 00:53:09.814 [info] <0.633.0> Application ejabberd started on node ejabberd@localhost
2017-05-09 00:53:26.376 [info] <0.1222.0>@ejabberd_listener:accept:333 (#Port<0.27320>) Accepted connection 70.106.237.173:64584 -> 10.233.130.220:5222
2017-05-09 00:53:26.397 [debug] <0.1227.0>@ejabberd_receiver:process_data:284 Received XML on stream = <<22,3,1,0,233,1,0,0,229,3,3,89,17,19,244,235,154,48,239,199,246,140,154,225,217,245,214,55,127,1,247,92,28,183,34,151,11,41,120,216,19,48,232,0,0,114,192,44,192,135,204,169,192,173,192,10,192,36,192,115,192,43,192,134,192,172,192,9,192,35,192,114,192,8,192,48,192,139,204,168,192,20,192,40,192,119,192,47,192,138,192,19,192,39,192,118,192,18,0,157,192,123,192,157,0,53,0,61,0,132,0,192,0,156,192,122,192,156,0,47,0,60,0,65,0,186,0,10,0,159,192,125,204,170,192,159,0,57,0,107,0,136,0,196,0,158,192,124,192,158,0,51,0,103,0,69,0,190,0,22,1,0,0,74,0,23,0,0,0,22,0,0,0,5,0,5,1,0,0,0,0,255,1,0,1,0,0,35,0,0,0,10,0,12,0,10,0,23,0,24,0,25,0,21,0,19,0,11,0,2,1,0,0,13,0,22,0,20,4,1,4,3,5,1,5,3,6,1,6,3,3,1,3,3,2,1,2,3>>
2017-05-09 00:53:26.397 [debug] <0.1228.0>@ejabberd_c2s:send_text:1838 Send XML on stream = <<"<?xml version='1.0'?><stream:stream xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' id='16105116208470909736' from='chat.myserver.io' version='1.0'>">>
2017-05-09 00:53:26.397 [debug] <0.1228.0>@ejabberd_c2s:send_text:1838 Send XML on stream = <<"<stream:error><xml-not-well-formed xmlns='urn:ietf:params:xml:ns:xmpp-streams'></xml-not-well-formed></stream:error>">>
2017-05-09 00:53:26.398 [debug] <0.1228.0>@ejabberd_c2s:send_text:1838 Send XML on stream = <<"</stream:stream>">>
I have enabled SSL and here is part of config file.
listen:
-
port: 5222
module: ejabberd_c2s
##
## If TLS is compiled in and you installed a SSL
## certificate, specify the full path to the
## file and uncomment these lines:
##
certfile: "/opt/ejabberd-15.07/conf/server.pem"
starttls: true
##
## To enforce TLS encryption for client connections,
## use this instead of the "starttls" option:
##
## starttls_required: true
##
## Custom OpenSSL options
##
## protocol_options:
## - "no_sslv3"
## - "no_tlsv1"
max_stanza_size: 524288
shaper: c2s_shaper
access: c2s
-
I uncommented the following
I uncommented the following lines in config file and it seems to be connecting now.
protocol_options:
- "no_sslv3"