OF-1849: Allow StartTLS on DirectTLS port
When DNS SRV records are misconfigured, connections that are expected to receive DirectTLS data could receive non-encrypted data (optionally to be encrypted with StartTLS later).
This commit adds a new configuration option 'xmpp.server.tls.on-plain-detection-allow-nondirecttls-fallback' (default: true) that can be used to toggle this behavior.
OF-793: Write </stream:stream> on correct writer
This commit ensures that an end-stream tag, as written by outgoing s2s connections, is written on the proper writer. This change intends to prevent issues where plain-text '</stream:stream>' is written on a socket that's supposed to be encrypted.
OF-793: Log data that triggers "Unsupported record version Unknown-" exception
With some frequency, Openfire logs exceptions with this message: "javax.net.ssl.SSLException: Unsupported record version Unknown-47.115". One source of this appears to be in S2S Dialback negotiation.
This appears to be caused by Openfire trying to parse plain-text data as TLS: the decimal representation 47 115 equals the characters '/' and 's'. A common place for these characters to occur in XMPP would be in stream close tags: </stream:stream>.
This commit allows the content of the buffer that's being parsed by the TLS handler to be logged in its hexadecimal representation, when the exception occurs.
In a test environment, I've found this hex string to be logged by this: "3c2f73747265616d3a73747265616d3e". Converted to characters, this is: "</stream:stream>".
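
Added example, not part of the commits or of Openfire's code: a small triage helper that reads a logged hex buffer as a TLS record header (1 byte content type, 2 bytes version, 2 bytes length) and checks whether the version in the exception text matches bytes 1 and 2 of plain-text data. The function names are hypothetical; the exception message and hex string are the ones quoted above, and the TLS header used in the test is constructed.

```python
import re

# Standard TLS record content types.
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}
VERSION_RE = re.compile(r"Unsupported record version Unknown-(\d+)\.(\d+)")


def parse_as_tls_header(data: bytes) -> dict:
    """Read the first five bytes the way a TLS record parser does."""
    if len(data) < 5:
        raise ValueError("a TLS record header is 5 bytes")
    return {
        "content_type": data[0],
        "version": (data[1], data[2]),
        "length": int.from_bytes(data[3:5], "big"),
    }


def looks_like_plaintext(data: bytes) -> bool:
    """Heuristic: header is not plausible TLS and every byte is printable ASCII."""
    header = parse_as_tls_header(data)
    plausible_tls = (header["content_type"] in TLS_CONTENT_TYPES
                     and header["version"][0] == 3)
    printable = all(0x20 <= b < 0x7F or b in (0x09, 0x0A, 0x0D) for b in data)
    return not plausible_tls and printable


def triage(log_message: str, buffer_hex: str) -> dict:
    """Correlate the version in the exception text with the logged buffer."""
    match = VERSION_RE.search(log_message)
    if match is None:
        raise ValueError("not an 'Unsupported record version' message")
    reported = (int(match.group(1)), int(match.group(2)))
    data = bytes.fromhex(buffer_hex)
    return {
        "reported_version": reported,
        "matches_buffer": parse_as_tls_header(data)["version"] == reported,
        "plaintext": looks_like_plaintext(data),
        "decoded": data.decode("ascii", errors="replace"),
    }


# Both values are quoted in the commit message above.
MESSAGE = "javax.net.ssl.SSLException: Unsupported record version Unknown-47.115"
BUFFER_HEX = "3c2f73747265616d3a73747265616d3e"

if __name__ == "__main__":
    print(triage(MESSAGE, BUFFER_HEX))
```

When "matches_buffer" and "plaintext" are both true, the exception was raised on unencrypted stream data reaching the TLS handler, not on a malformed TLS record.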