Openfire TLS 1.3 workaround

[sonnyp]

@netmikey could you review and test this?

[sonnyp]

You can

1. Use xmpp.js git with this branch in your project
2. Copy paste packages/tls/lib/Socket.js in your node_modules
3. Checkout this branch, tweak and use packages/client/example.js

Please make sure to test before and after this changeset.

[netmikey]

Ok so here's what I'm at:

• it looks like xmpp.js 0.12.1 actually does work with direct tls (hadn't checked that earlier)
• neither "original" 0.12.1 nor 0.12.1 with this branch's tls/lib/Socket.js work with starttls

[sonnyp]

So I finally reinstalled Openfire to reproduce this.

There must be somethong wrong with how you switch xmpp.js - here are my results with direct TLS against openfire (self signed certificate)

xmpp.js 0.12.1: KO - 10 out of 10 xmpp.js 0.12.0: KO - 10 out of 10 xmpp.js main: KO - 10 out of 10 xmpp.js openfire-workaround: OK - 10 out of 10

Would be really helpful and have saved tremendous amount of time if you could try to be a bit more thorough with your testing.

I forgot about STARTLS so this PR only addresses direct TLS for now but I will add it. It's the same problem anyway.

Please retry - I want to make sure it solves your problem.

[sonnyp]

8f4a0e5 (#914) adds the fix for starttls - would be great if you could test this branch with both direct TLS and starttls with your setup to confirm it fixes it.

Please make sure to test before/after.

Let me know if I can help.

:crossed_fingers:

[netmikey]

Yes, sorry I forgot to check with direct TLS, my bad :(

As a side note: I don't have an easy way to install 0.12.0 anymore on my project. The reason being: I use @xmpp/client which depends on all of the @xmpp packages transitively. Since those dependencies aren't declared as fixed dependencies, but with ^, npm will chose the latest 0.12 patch version it knows, which is 0.12.1 now. I would have to declare each @xmpp package (with a fixed dependency to 0.12.0) to really get version 0.12.0 back. It would maybe make things more reproducible if all @xmpp modules would refer to their siblings using fixed versions within one release.

But 0.12.0 isn't all that interesting anymore anyway. So here are my results now, everything checked multiple times. Tested against Openfire (configured to only allow TLSv1.3 on the direct tls and the starttls ports, using a real certificate):

• xmpp.js 0.12.1, direct tls: OK
• xmpp.js 0.12.1, starttls: KO
• xmpp.js 0.12.1 with starttls and tls modules copied from openfire-workaround, direct tls: OK
• xmpp.js 0.12.1 with starttls and tls modules copied from openfire-workaround, starttls: OK

For reference, here's how I reset my project to npm's xmpp.js 0.12.1:

npm cache clean --force && rm -rf node_modules package-lock.json && npm install && npm start