javax.net.ssl.SSLException: Unsupported record version Unknown-47.115
A commonly logged error from openfire
This "issue" is back again, a current master build WARN log entry
What the RFC is not clear on is what the initiating party should do in both instances. Where the receiving party is closing the socket without sending data, it's probably best to not send data as the initiating party either?
So, according to RFC6120, there is a significant difference between:
section 220.127.116.11 Failure Case, such as malformed commands and internal server errors.
section 18.104.22.168 STARTTLS Failure, which includes TLS errors such as bad_certificate or handshake_failure.
There is an important difference in how the receiving entity should respond. section 22.214.171.124 Failure Case states:
MUST return a <failure/> element (...) close the XML stream, and terminate the underlying TCP connection.
On the other hand, section 126.96.36.199 STARTTLS Failure reads:
MUST terminate the TCP connection (...) MUST NOT send a closing </stream> tag before terminating the TCP connection
I don't believe that Openfire makes a distinction between Failure Case and STARTTLS Failure: STARTTLS is assumed successful, unless an exception is thrown. Handling of both cases is probably similar in each implementation (S2S and C2S have different implementation) - from what I gather (in SocketReadingMode.java), Openfire always sends a <failure/> element.
Is the root cause of this issue the lack of distinct handling of both cases?