openfire 3.8.1 的JDK陷阱

最新推荐文章于 2021-02-07 00:19:22 发布

weixin_33726313

最新推荐文章于 2021-02-07 00:19:22 发布

阅读量114

点赞数

原文链接：https://my.oschina.net/condy/blog/152957

版权

为什么80%的码农都做不了架构师？>>>

由于系统是使用RMXMPPLib.dll基础上的二次开发，在连接到openfire服务器时，发现对于window版本的Openfire可以连接成功，但在linux版本下，就是无法连接。比对2者的登入过程日志以及google很久后，发现居然是JDK版本不对引起的。

JDK6.0的版本，对于DIGEST-MD5算法支持存在问题，openfire在判断JDK版本为6.0时，就自动会关闭采用DIGEST-MD5的登入验证算法，但RMXMPPLib.dll默认就是采用这种登入算法，所以就登入不成功。

在linux JDK6.0下的日志过程如下:

<stream:stream to="kftest2" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams" version="1.0" >

<stream:stream from="kftest2" id="51d61c00" version="1.0" xml:lang="en" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams"/>

<stream:features><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>JIVE-SHAREDSECRET</mechanism><mechanism>PLAIN</mechanism><mechanism>ANONYMOUS</mechanism></mechanisms><compression xmlns="http://jabber.org/features/compress"><method>zlib</method></compression><auth xmlns="http://jabber.org/features/iq-auth"/><register xmlns="http://jabber.org/features/iq-register"/></stream:features>

<starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>

<proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>

SSL status: "before/connect initialization"

SSL status: "before/connect initialization"

SSL status: "SSLv3 write client hello A"

SSL status: "SSLv3 read server hello A"

SSL status: "SSLv3 read server certificate A"

SSL status: "SSLv3 read server key exchange A"

SSL status: "SSLv3 read server done A"

SSL status: "SSLv3 write client key exchange A"

SSL status: "SSLv3 write change cipher spec A"

SSL status: "SSLv3 write finished A"

SSL status: "SSLv3 flush data"

SSL status: "SSLv3 read finished A"

SSL status: "SSL negotiation finished successfully"

SSL status: "SSL negotiation finished successfully"

Cipher: name = EDH-RSA-DES-CBC3-SHA; description = EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1
; bits = 168; version = TLSv1/SSLv3; 

<stream:stream to="kftest2" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams" version="1.0" >

<stream:stream from="kftest2" id="51d61c00" version="1.0" xml:lang="en" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams"/>

<stream:features><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>JIVE-SHAREDSECRET</mechanism><mechanism>PLAIN</mechanism><mechanism>ANONYMOUS</mechanism></mechanisms><compression xmlns="http://jabber.org/features/compress"><method>zlib</method></compression><auth xmlns="http://jabber.org/features/iq-auth"/><register xmlns="http://jabber.org/features/iq-register"/></stream:features>

<compress xmlns="http://jabber.org/protocol/compress"><method>zlib</method></compress>

<compressed xmlns="http://jabber.org/protocol/compress"/>

<stream:stream to="kftest2" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams" version="1.0" >

SSL status: "SSL negotiation finished successfully"

主要问题出在:

<stream:features><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>JIVE-SHAREDSECRET</mechanism><mechanism>PLAIN</mechanism><mechanism>ANONYMOUS</mechanism></mechanisms><compression xmlns="http://jabber.org/features/compress"><method>zlib</method></compression><auth xmlns="http://jabber.org/features/iq-auth"/><register xmlns="http://jabber.org/features/iq-register"/></stream:features>

这是openfire运行验证的集中机制，有JIVE-SHAREDSECRET，PLAIN，ANONYMOUS。但是就是没有DIGEST-MD5

在windows JDK5.0下的日志过程:

<stream:stream to="condy" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams" version="1.0" >

<stream:stream from="condy" id="4cdae09e" version="1.0" xml:lang="en" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams"/>

<stream:features><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>PLAIN</mechanism><mechanism>CRAM-MD5</mechanism><mechanism>ANONYMOUS</mechanism><mechanism>DIGEST-MD5</mechanism><mechanism>JIVE-SHAREDSECRET</mechanism></mechanisms><compression xmlns="http://jabber.org/features/compress"><method>zlib</method></compression><auth xmlns="http://jabber.org/features/iq-auth"/><register xmlns="http://jabber.org/features/iq-register"/></stream:features>

<starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>

<proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>

SSL status: "before/connect initialization"

SSL status: "before/connect initialization"

SSL status: "SSLv3 write client hello A"

SSL status: "SSLv3 read server hello A"

SSL status: "SSLv3 read server certificate A"

SSL status: "SSLv3 read server key exchange A"

SSL status: "SSLv3 read server done A"

SSL status: "SSLv3 write client key exchange A"

SSL status: "SSLv3 write change cipher spec A"

SSL status: "SSLv3 write finished A"

SSL status: "SSLv3 flush data"

SSL status: "SSLv3 read finished A"

SSL status: "SSL negotiation finished successfully"

SSL status: "SSL negotiation finished successfully"

Cipher: name = EDH-RSA-DES-CBC3-SHA; description = EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1
; bits = 168; version = TLSv1/SSLv3; 

<stream:stream to="condy" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams" version="1.0" >

<stream:stream from="condy" id="4cdae09e" version="1.0" xml:lang="en" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams"/>

<stream:features><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>PLAIN</mechanism><mechanism>CRAM-MD5</mechanism><mechanism>ANONYMOUS</mechanism><mechanism>DIGEST-MD5</mechanism><mechanism>JIVE-SHAREDSECRET</mechanism></mechanisms><compression xmlns="http://jabber.org/features/compress"><method>zlib</method></compression><auth xmlns="http://jabber.org/features/iq-auth"/><register xmlns="http://jabber.org/features/iq-register"/></stream:features>

<compress xmlns="http://jabber.org/protocol/compress"><method>zlib</method></compress>

<compressed xmlns="http://jabber.org/protocol/compress"/>

<stream:stream to="condy" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams" version="1.0" >

<stream:stream from="condy" id="4cdae09e" version="1.0" xml:lang="en" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams"/>

<stream:features><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>PLAIN</mechanism><mechanism>CRAM-MD5</mechanism><mechanism>ANONYMOUS</mechanism><mechanism>DIGEST-MD5</mechanism><mechanism>JIVE-SHAREDSECRET</mechanism></mechanisms><auth xmlns="http://jabber.org/features/iq-auth"/><register xmlns="http://jabber.org/features/iq-register"/></stream:features>

<auth mechanism="DIGEST-MD5" xmlns="urn:ietf:params:xml:ns:xmpp-sasl"/>

<challenge xmlns="urn:ietf:params:xml:ns:xmpp-sasl">cmVhbG09ImNvbmR5Iixub25jZT0iMXJveGRITXAvajc5elNDUVg3S0R4dFk1bDdseWE0cWQ3UlBYZlNMTCIscW9wPSJhdXRoIixjaGFyc2V0PSJ1dGYtOCIsYWxnb3JpdGhtPSJtZDUtc2VzcyI=</challenge>

<response xmlns="urn:ietf:params:xml:ns:xmpp-sasl">dXNlcm5hbWU9IjU5MTEyMzQyNiIscmVhbG09ImNvbmR5Iixub25jZT0iMXJveGRITXAvajc5elNDUVg3S0R4dFk1bDdseWE0cWQ3UlBYZlNMTCIsY25vbmNlPSJiOGI3YTYyZWIyNjhkYjNjYmE3MDAxMmVkYWFlNjUzYiIsbmM9MDAwMDAwMDEscW9wPWF1dGgsZGlnZXN0LXVyaT0ieG1wcC9jb25keSIsY2hhcnNldD11dGYtOCxyZXNwb25zZT03OTcwNDkxNDcxOTJiODZjNWRmYWVkYjAzYzdkYmZhNg==</response>

<success xmlns="urn:ietf:params:xml:ns:xmpp-sasl">cnNwYXV0aD03MTc0MzA4MGM5ZmNhY2IyMWE4NGFhNzI0MzI1YWI4ZA==</success>

<stream:stream to="condy" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams" version="1.0" >

转载于:https://my.oschina.net/condy/blog/152957