auth failure: Invalid channel binding
mrusme opened this issue · 3 comments
mrusme commented
I'm trying to authenticate with a Jabber account I created on a public instance, but I keep getting the following error:
auth failure: Invalid channel binding
The Go code that I'm using is more or less this:
xmpp.DefaultConfig = &tls.Config{
ServerName: strings.Split(xmppServer, ":")[0],
InsecureSkipVerify: false,
}
jabberOpts := xmpp.Options{
Host: xmppServer,
User: xmppUsername,
Password: xmppPassword,
NoTLS: !xmppTLS,
Debug: false,
Session: true,
Status: "xa",
StatusMessage: "...",
}
jabber, err = jabberOpts.NewClient()
if err != nil {
fmt.Println(err)
return err
}
defer jabber.Close()
_, err = jabber.Send(xmpp.Chat{
Remote: destinationUsername,
Type: "chat",
Text: m.ToString(),
})
if err != nil {
fmt.Println(err)
return err
}mdosch commented
Is the server an ejabberd <24.02? Ejabberd in versions lower than 24.02 has a bug where it uses tls-unique for channel binding with TLSv1.3 instead of tls-exporter. In this case you might try to authenticate without channel binding (use scram-sha-x instead of scram-sha-x-plus, e.g. scram-sha-1).
Am 13. März 2024 14:44:06 UTC schrieb "◤◢◤◢◤◢◤◢" ***@***.***>:
…mrusme commented
Thank you @mdosch, this hint was very helpful! I tried a different server and authentication works. I have yet to find out what version the previously used server is, but given the success with the other one I share your suspicion.
As it seems to be a server-side issue in first place I will close this issue.
mdosch commented
You can also try to set Mechanism to e.g. SCRAM-SHA-1 (without -PLUS): https://github.com/xmppo/go-xmpp/blob/master/xmpp.go#L234