auth failure: Invalid channel binding

[mrusme]

I'm trying to authenticate with a Jabber account I created on a public instance, but I keep getting the following error:

auth failure: Invalid channel binding

The Go code that I'm using is more or less this:

    xmpp.DefaultConfig = &tls.Config{
        ServerName:         strings.Split(xmppServer, ":")[0],
        InsecureSkipVerify: false,
    }

    jabberOpts := xmpp.Options{
        Host:          xmppServer,
        User:          xmppUsername,
        Password:      xmppPassword,
        NoTLS:         !xmppTLS,
        Debug:         false,
        Session:       true,
        Status:        "xa",
        StatusMessage: "...",
    }

    jabber, err = jabberOpts.NewClient()
    if err != nil {
        fmt.Println(err)
        return err
    }
    defer jabber.Close()

    _, err = jabber.Send(xmpp.Chat{
        Remote: destinationUsername,
        Type:   "chat",
        Text:   m.ToString(),
    })
    if err != nil {
        fmt.Println(err)
        return err
    }

[mdosch]

Is the server an ejabberd <24.02? Ejabberd in versions lower than 24.02 has a bug where it uses tls-unique for channel binding with TLSv1.3 instead of tls-exporter. In this case you might try to authenticate without channel binding (use scram-sha-x instead of scram-sha-x-plus, e.g. scram-sha-1).

Am 13. März 2024 14:44:06 UTC schrieb "◤◢◤◢◤◢◤◢" @.***>:

[mrusme]

Thank you @mdosch, this hint was very helpful! I tried a different server and authentication works. I have yet to find out what version the previously used server is, but given the success with the other one I share your suspicion.

As it seems to be a server-side issue in first place I will close this issue.

[mdosch]

You can also try to set Mechanism to e.g. SCRAM-SHA-1 (without -PLUS): https://github.com/xmppo/go-xmpp/blob/master/xmpp.go#L234