SSL Verification

I saw this question around the forums, but did not find a suitable fix. In addition, there is no information available on all of these questions, so I thought I would put together everything I learned here, connecting the dots.

I work with SSL/TLS in Openfire with two-way authentication. I have a fake wildcard certificate, which means that I have my own CA on both the client and the server. It works now, but sometimes the SSL handshake gets stuck on a specific line. Server-side logs:

org.apache.mina.filter.ssl.SslFilter - Session Server[40](ssl...): Processing the SSL Data 

On the client side I use SMACK, so when creating the configuration I set a response time of 2 minutes to check the behavior; I also set a hostNameVerifier.

So, when it freezes, the following logs can be seen:

 05-07 17:35:45.705 D/SMACK: SENT (1): <stream:stream xmlns='jabber:client' to='mydomain.com' xmlns:stream='http://etherx.jabber.org/streams' version='1.0' xml:lang='en'>
 05-07 17:35:45.712 D/SMACK: RECV (1): <?xml version='1.0' encoding='UTF-8'?><stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" from="mydomain.com" id="9haislljp2" xml:lang="en" version="1.0">
 05-07 17:35:45.721 D/SMACK: RECV (1): <stream:features><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"><required/></starttls><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>PLAIN</mechanism><mechanism>EXTERNAL</mechanism></mechanisms></stream:features>
 05-07 17:35:45.723 D/SMACK: SENT (1): <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'></starttls>
 05-07 17:35:45.730 D/SMACK: RECV (1): <proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>

And here it hangs for an undefined time, sometimes about 20 seconds, sometimes a minute or more.

But right after that, the very first log I see is:

 05-07 17:36:15.151 : HostNameVerifier callback verify: hostname:mydomain.com SessionID:[ B@3cedf14 CipherSuite:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 Protocol:TLSv1.2
 05-07 17:36:15.153 D/SMACK: SENT (1): <stream:stream xmlns='jabber:client' to='mydomain' xmlns:stream='http://etherx.jabber.org/streams' version='1.0' xml:lang='en'>
 05-07 17:36:15.161 D/SMACK: RECV (1): <?xml version='1.0' encoding='UTF-8'?><stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" from="mydomain.com" id="9haislljp2" xml:lang="en" version="1.0"><stream:features><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>PLAIN</mechanism><mechanism>EXTERNAL</mechanism></mechanisms><compression xmlns="http://jabber.org/features/compress"><method>zlib</method></compression><register xmlns="http://jabber.org/features/iq-register"/></stream:features>

and XMPP.

So, I looked at this hostname verifier function from the JDK and another source; I'm not sure, but I came to the conclusion that it is looking up DNS. I also put my domain with its IP in /etc/hosts, so DNS lookups should be avoided, but still. In any case, it would be helpful if someone could point to something specific.

The links I follow are:

Apache MINA - stuck on SSL connection

How to disable reverse DNS lookup of Java SSL

Android 4.2 slow SSL / TLS

If someone needs more information, I will be more than happy to share.

Openfire Version: 4.1.3

Smack Version: 4.2.0

Ubuntu runs openfire: 16.04

JDK installed: openjdk 7.8 (tested with both)

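Since the question mentions a custom hostNameVerifier and suspects DNS lookups, here is an added example (not Smack or Openfire code, and not the asker's) of a `javax.net.ssl.HostnameVerifier` that checks the configured domain only against the presented certificate's dNSName subjectAltName entries, including the one-label wildcard rule for a `*.mydomain.com` certificate, and never consults the resolver. The class name `SanOnlyHostnameVerifier` is hypothetical.

```java
import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;
import java.util.Locale;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

// Hypothetical verifier (not Smack/Openfire code): matches the configured domain
// against the leaf certificate's dNSName SAN entries and nothing else, so it never
// touches InetAddress or the resolver and cannot stall on a DNS lookup.
public final class SanOnlyHostnameVerifier implements HostnameVerifier {
    private static final int SAN_DNS_NAME = 2; // GeneralName tag for dNSName
    @Override
    public boolean verify(String hostname, SSLSession session) {
        try {
            Certificate[] chain = session.getPeerCertificates();
            return chain.length > 0 && chain[0] instanceof X509Certificate
                    && matchesAnyDnsSan(hostname, (X509Certificate) chain[0]);
        } catch (SSLPeerUnverifiedException | CertificateParsingException e) {
            return false; // unauthenticated peer or malformed extension: reject
        }
    }

    static boolean matchesAnyDnsSan(String hostname, X509Certificate cert)
            throws CertificateParsingException {
        Collection<List<?>> sans = cert.getSubjectAlternativeNames();
        if (sans == null) return false; // no SAN extension: do not fall back to the CN
        for (List<?> san : sans) {
            if ((Integer) san.get(0) == SAN_DNS_NAME
                    && matchesPattern(hostname, (String) san.get(1))) {
                return true;
            }
        }
        return false;
    }
    // Exact match, or a "*." wildcard covering exactly one leftmost label; a
    // wildcard never matches the bare domain itself or a whole public suffix.
    static boolean matchesPattern(String hostname, String pattern) {
        String host = hostname.toLowerCase(Locale.ROOT);
        String pat = pattern.toLowerCase(Locale.ROOT);
        if (!pat.startsWith("*.")) return host.equals(pat);
        String suffix = pat.substring(1); // "*.mydomain.com" -> ".mydomain.com"
        int firstDot = host.indexOf('.');
        return firstDot > 0 && host.substring(firstDot).equals(suffix)
                && suffix.indexOf('.', 1) > 0;
    }
}
```

Note that with this rule a wildcard `*.mydomain.com` certificate does not cover the bare name `mydomain.com`, so the name passed to the verifier must be one the certificate actually lists.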

Source: https://habr.com/ru/post/1239141/
