If you run into issues with TLS connectivity, it’s helpful to compare whether both installations support the same set of
protocols and ciphers. One of the most versatile and helpful tools is Mozilla’s CipherScan. For example, for our installation
tigase.im the result would look like this:
$ ./cipherscan --curves -starttls xmpp -servername tigase.im tigase.me:5222
.......................................................................
Target: tigase.me:5222

prio  ciphersuite                  protocols              pfs                 curves
1     ECDHE-RSA-AES256-GCM-SHA384  TLSv1.2                ECDH,B-571,570bits  sect283k1,sect283r1,sect409k1,sect409r1,sect571k1,sect571r1,secp256k1,prime256v1,secp384r1,secp521r1
2     ECDHE-RSA-AES256-SHA384      TLSv1.2                ECDH,B-571,570bits  sect283k1,sect283r1,sect409k1,sect409r1,sect571k1,sect571r1,secp256k1,prime256v1,secp384r1,secp521r1
3     ECDHE-RSA-AES256-SHA         TLSv1,TLSv1.1,TLSv1.2  ECDH,B-571,570bits  sect283k1,sect283r1,sect409k1,sect409r1,sect571k1,sect571r1,secp256k1,prime256v1,secp384r1,secp521r1
4     DHE-RSA-AES256-GCM-SHA384    TLSv1.2                DH,4096bits         None
5     DHE-RSA-AES256-SHA256        TLSv1.2                DH,4096bits         None
6     DHE-RSA-AES256-SHA           TLSv1,TLSv1.1,TLSv1.2  DH,4096bits         None
7     ECDHE-RSA-AES128-GCM-SHA256  TLSv1.2                ECDH,B-571,570bits  sect283k1,sect283r1,sect409k1,sect409r1,sect571k1,sect571r1,secp256k1,prime256v1
8     ECDHE-RSA-AES128-SHA256      TLSv1.2                ECDH,B-571,570bits  sect283k1,sect283r1,sect409k1,sect409r1,sect571k1,sect571r1,secp256k1,prime256v1,secp384r1,secp521r1
9     ECDHE-RSA-AES128-SHA         TLSv1,TLSv1.1,TLSv1.2  ECDH,B-571,570bits  sect283k1,sect283r1,sect409k1,sect409r1,sect571k1,sect571r1,secp256k1,prime256v1,secp384r1,secp521r1
10    DHE-RSA-AES128-GCM-SHA256    TLSv1.2                DH,4096bits         None
11    DHE-RSA-AES128-SHA256        TLSv1.2                DH,4096bits         None
12    DHE-RSA-AES128-SHA           TLSv1,TLSv1.1,TLSv1.2  DH,4096bits         None

Certificate: trusted, 2048 bits, sha256WithRSAEncryption signature
TLS ticket lifetime hint: None
NPN protocols: None
OCSP stapling: not supported
Cipher ordering: client
Curves ordering: client - fallback: no
Server supports secure renegotiation
Server supported compression methods: NONE
TLS Tolerance: yes
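To compare two scans mechanically, the following added example (not part of the original documentation or of CipherScan) parses cipherscan's text table, one row per line as the tool prints it, and reports which ciphersuite/protocol combinations both installations share. SCAN_A is abridged from the scan above; SCAN_B, other.example and the function names are constructed for illustration.

```python
# Added example: compare two cipherscan text reports.
# SCAN_A rows are abridged from the scan shown above; SCAN_B is constructed.

SCAN_A = """\
Target: tigase.me:5222
prio  ciphersuite                  protocols              pfs
1     ECDHE-RSA-AES256-GCM-SHA384  TLSv1.2                ECDH,B-571,570bits
3     ECDHE-RSA-AES256-SHA         TLSv1,TLSv1.1,TLSv1.2  ECDH,B-571,570bits
4     DHE-RSA-AES256-GCM-SHA384    TLSv1.2                DH,4096bits
Certificate: trusted, 2048 bits, sha256WithRSAEncryption signature
"""

SCAN_B = """\
Target: other.example:5222
prio  ciphersuite           protocols  pfs
1     ECDHE-RSA-AES256-SHA  TLSv1      ECDH,P-256,256bits
2     AES128-SHA            TLSv1      None
"""

def parse_cipherscan(text):
    """Return {ciphersuite: set(protocols)} from cipherscan's table rows."""
    suites = {}
    for line in text.splitlines():
        f = line.split()
        # A table row starts with a numeric priority and has a protocol list third.
        if len(f) >= 3 and f[0].isdigit() and f[2].startswith(("TLSv", "SSLv")):
            suites[f[1]] = set(f[2].split(","))
    return suites

def compare(a, b):
    """Return (shared, only_a, only_b). shared maps each ciphersuite to the
    protocols on which both sides offer it; a suite with no protocol in
    common is listed under both only_a and only_b."""
    shared = {s: a[s] & b[s] for s in a.keys() & b.keys() if a[s] & b[s]}
    only_a = sorted(s for s in a if s not in shared)
    only_b = sorted(s for s in b if s not in shared)
    return shared, only_a, only_b

if __name__ == "__main__":
    shared, only_a, only_b = compare(parse_cipherscan(SCAN_A), parse_cipherscan(SCAN_B))
    if not shared:
        print("No ciphersuite/protocol pair in common")
    for suite, protos in sorted(shared.items()):
        print(f"shared: {suite} over {','.join(sorted(protos))}")
    print("only A:", only_a)
    print("only B:", only_b)
```

An empty `shared` result means the two scans list no ciphersuite on any common protocol version, which is the first thing to rule out when a TLS handshake between the installations fails.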