You are here

Problem connecting

HELP, I set up coccinella for my boss's daughter to use for tutoring(her tutor lives in Boston while she is in Los Angeles) and at some point, I'm guessing when I installed a Sonicwall Firewall at her house, coccinella started giving an error when i try to log in, Policy-Violation....I brought up the debug window and what it reports on attempting to connect is as follows

SEND:
RECV:
Use of STARTTLS required

SEND: Arielleliz1Coccinella@Macintosh1257fe042a4d873a07a74b3d8f0ee11ddb717891
SEND:

I have already gone through and disabled all the various protections on the firewall as well as allowed all incoming traffic to her computer without any success...Can anyone make any suggestions as to where to go with this?

Nathan

Forum: 

Hi,

The last days I got also the annoying error when logging-in:
Policy-Violation. Before I can log-in, I have to change the
account settings everytime to use the more option in the
log-in window as set the: Use TLS on separate port (old).

Has there been any change in the protocol lately ?

I guess you both should read this: http://www.jabber.org/web/Secure_Communications_Week

Yes I have read it, but haven't any clue how the message:
'Received Streaming error from the server with errorcode: policy-violation'.
(translated from Dutch) can be prevented by us as users.

I have tried all security options, which did not help either
and Ihaven't any certificate available to see if that would
help in any way.

What's the Dutch error? What is your server? Do you have other important details?

The error just comes ONCE everytime I startup Coccinella when it tries
to login. After that I can just use the button Login to connect without
an error message. The used jabber server is: jabber.org and the error:

'Streamfout van de server ontvangen met foutcode: policy-violation'

Which Coccinella version?

Unfortunatly the version was already at .8 as that is what was current when I installed coccinella, however I was able to fix the error by upgrading to .10 which is the latest available version.

0.96.10 has SASL and TLS enabled by default. In 0.96.8 this was not true which means you had to manually change your profile settings if you did not manually selected it.

I experienced this with versions 0.96.10 and .11
However this morning this error message was gone.
So, it seems to be a result from the security week,
somehow.

What is your server?

jabber.org

A me too report.

Problem still with 0.96.11 (XP and Linux) and an ejabberd server with TLS_required enabled.

The start-up login fails with the policy violation error, yet using the login button WITHOUT any changes to the entries then successfully connects with the secure connection shield displaying.

In other words, all the elements of a successful connection to a TLS only server are in place but the start-up auto-login does not pick them up.

Should I file a bug rep?

royden

Can you look in your account settings whether or not you've encryption enabled? If you simply upgrade from Coccinella 0.96.8 or an earlier version, the accounts you've already configured will not be changed to use encryption by default. So, you will have to change this manually.

If you still have problems after that, can you remove your Coccinella preferences directory to start adding an account from scratch? If that works, there is nothing that needs a bug report AFAICS.

I only started with 0.96.10. My point was that the correct entries are picked up from /.coccinella/preferences.rdb (under 'nix), as the prog connects manually right after refusing to do so after starting up or when re-connecting after an auto-logout.

The right settings are in the profile (except that they are not, so to speak, as secure is a default and only not using secure results in a "-secure 0" entry). Manually putting in "-secure 1" does not help.

I re-created /.coccinella/preferences.rdb from the ground up and no difference.

A server with enforced tls does not get auto-connected to. I suspect this is a relict of the old preferences / login screen duality. The fact that a poster above had a problem during security week that then disappeared when it ended (and automatic tls was switched off?), kinda makes sense.

Bug? (Then again I am often wrong :-)

BTW, I REALLY like this application - love at first sight etc and I tried most of 'em.

royden

Is the server with tls_required a public service? If so, what is the server address?

No, its private. I can make you a user and email the details if you like. If agreeable, is your email info on this site current?

royden

Yes, it is ok.

info sent by email.

Yes, I saw it. I will look at it in the weekend.

Ok, I tested it with your test account (sorry I couldn't do it earlier) and it works. These are the settings (default):

  • Connection tab/Use secure connection/Use TLS and SASL.
  • All other options and settings in the More section are disabled.

That is strange as I cannot get Coccinella to start-up and auto-connect to that account, neither from XP nor from Linux. Connecting after that fact works.

Forgive my doubts, but you did get it to connect right from start-up and not from using the login button?

Now I am starting to think more clearly. Below is an extract from the server log from the attempt at connecting from start-up, showing that Coccinella is not delivering a secured connection. Yet moments later with a manual connect using the same profile info it does.

2008.11.10 01:19:34 TLS was required by the server and connection was never secured. Closing connection : org.jivesoftware.openfire.nio.NIOConnection@106d307 MINA Session: (SOCKET, R: /yyy.yyy.y.y:37667, L: /zzz.zzz.z.z:5222, S: 0.0.0.0/0.0.0.0:5222)
2008.11.10 01:22:12 TLS was required by the server and connection was never secured. Closing connection : org.jivesoftware.openfire.nio.NIOConnection@63cd1d MINA Session: (SOCKET, R: /xxx.xxx.xxx.xx:3481, L: /www.www.w.w:5222, S: 0.0.0.0/0.0.0.0:5222)

Ok, I see now. There seems to be a bug when "Login on Coccinella startup is enabled".