The #Conversations_im update that requires TLS 1.3 is currently rolling out.
Apparently, judging by the bug reports coming in, a good number of servers do not support TLS 1.3 yet.
Please upgrade your servers and/or check their configurations. 🙏
Users can opt out via a setting in the Security section of the app, but this setting will likely go away in 1-2 years. The only correct move here is to fix your servers. Also, check the HTTP servers used by HTTP Upload.
Joda Stößer
in reply to Daniel Gultsch • • •glad I saw this toot. It made me able to use my self-hosted @prosodyim again.
Before, I had just turned off the server connection to fix it at a later time, especially since I didn't know what caused it. I just checked the validity of the cert and didn't find any issues.
It would be great if the error message in the app would indicate the cause.
"TLS negotiation failed (TLS v1.3 not supported by server)"
Joda Stößer
Unknown parent • • •It surprised me that my @prosodyim setup didn't support TLS v1.3 already. Checking the docs it is not mentioned at all and I will have to figure out how to enable it, if it is supported at all.
mimi89999
in reply to Daniel Gultsch • • •mva
in reply to Daniel Gultsch • • •well, unfortunatelly, there is not only "good number of servers do not support TLS 1.3 yet", but also there are some countries that has gorernment-ruled DPI hardware deployed country-wide and that blocks TLS 1.3.
If you're lucky, it can be "time to time" or "some specific things", but if you're not - it can be total breakage of any TLS1.3 conenctions.
So, users from such coutires won't be able to have secure communications at all:
from the one side there is government pushing,
from the other — such a decisions 🤷
Axel
in reply to Daniel Gultsch • • •Server overview · XMPP Compliance Tester
compliance.conversations.im