Cadu Silva :v_fb:
Hey @monocles, what does Monocles Chat expects in order to successfully validate DANE/TLSA?
DNSSEC and TLSA records are correctly configured for my domain and yet I receive "DANE failed" when trying to connect while enforcing it.
It works when I'm using WiFi in the same network as the server, but when I switch to mobile data, outside the server network, it doesn't work anymore.
I can't pinpoint what is causing this behavior.
Cadu Silva :v_fb:
@monocles my server has only IPv4, but my carrier uses both IPv4 and IPv6 :thinking_rotate:
But even when disabling IPv6, the "DANE failed" error persists.
I tried to join the room but it says I wasn't authorized because my server certificate is not trusted (it's from ZeroSSL).
monocles
@cadusilva Hi Cadu Silva! Could be your mobile data provider the problem? Is both IPv4 and IPv6 correctly configured on the server?
Also feel free to join our support chat room:
xmpp:support@conference.monocles.eu
Cadu Silva :v_fb:
@monocles I'm using a pretty recent set of ciphers, but the problem was solved when I issued a new cert, now from Let's Encrypt.
Ciphers: ECDH+AESGCM:EDH+AESGCM:ECHACHA20+POLY1305:ECDHE+CHACHA20:ECDHE+AES:@STRENGTH:!SHA:!CBC
Curve: secp256r1
Min TLS version: 1.2
monocles
@cadusilva Which ciphers do you use on your XMPP server? For security reasons monocles chat and the monocles servers are restricted to the newest only.
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.