|
| 1 | +## Change of the default TLS library used for C2S connections |
| 2 | + |
| 3 | +As of this release, usage of `fast_tls` for Client to Server connections (C2S) has been deprecated. |
| 4 | +`fast_tls` will be removed in a future release. |
| 5 | + |
| 6 | +From now on the default TLS library for C2S is `just_tls`, which uses TLS implementation from Erlang OTP. |
| 7 | +In our load tests, `just_tls` is as performant as `fast_tls` and also has better standards compliance. |
| 8 | +This deprecation affects only C2S, and `fast_tls` remains as the TLS implementation for S2S. |
| 9 | + |
| 10 | +To continue using `fast_tls` for C2S in existing deployment after upgrade, make sure the |
| 11 | +option [`tls.module`](../listeners/listen-c2s.md#listenc2stlsmodule) is set to `fast_tls` for each of your C2S listeners. |
| 12 | + |
| 13 | +If you leave `tls.module` unset, the TLS module will change from `fast_tls` to `just_tls` after the upgrade. |
| 14 | +One consequence is that the [`tls.protocol_options`](../listeners/listen-c2s.md#listenc2stlsprotocol_options-only-for-fast_tls) option, which you might have used, will be no longer valid. |
| 15 | +With `just_tls`, you need to use different options, e.g. [`tls.versions`](../listeners/listen-c2s.md#listenc2stlsversions-only-for-just_tls). |
| 16 | + |
| 17 | +### Channel binding for TLS |
| 18 | + |
| 19 | +Note that `just_tls` currently does not implement `channel binding` for TLS, which is required for SCRAM_PLUS |
| 20 | +authentication methods. If you depend on using SCRAM_PLUS for authentication, you need to use `fast_tls`. |
| 21 | +We do plan to implement `channel binding` for `just_tls` (only for TLS 1.3) in the future. |
| 22 | + |
| 23 | +### TLS handshake |
| 24 | + |
| 25 | +There is a difference between `fast_tls` and `just_tls` in client authentication behaviour during TLS handshake: |
| 26 | + |
| 27 | +* `fast_tls` doesn't verify the client certificate during TLS handshake and relies on other mechanisms, like SASL, to authenticate the client. |
| 28 | +* `just_tls` by default verifies the client certificate during TLS handshake and aborts connection when the certificate is invalid. This is realised by the default settings in |
| 29 | +`just_tls`: `verify_mode` set to `peer` and `disconnect_on_failure` set to `true`. |
| 30 | + |
| 31 | +If you want to have the same behaviour for `just_tls` as it was in `fast_tls` regarding TLS handshake, |
| 32 | +set [`tls.disconnect_on_failure`](../listeners/listen-c2s.md#listenc2stlsdisconnect_on_failure-only-for-just_tls) to `false`. This is required for example when using [SASL EXTERNAL](../tutorials/client-certificate.md#enable-sasl-external-mechanism). |
| 33 | +It is also possible to completely disable client certificate verification during TLS |
| 34 | +handshake in `just_tls` by setting [`tls.verify_mode`](../listeners/listen-c2s.md#listenc2stlsverify_mode) to `none`. |
| 35 | + |
| 36 | +For more information regarding configuration of TLS for C2S, see [C2S listener options](../listeners/listen-c2s.md#tls-options-for-c2s). |
| 37 | + |
| 38 | +## `exml` upgraded to 4.1.1 |
| 39 | + |
| 40 | +`exml` library used for parsing and encoding of XML messages was upgraded to version 4.1.1. |
| 41 | +In this new version, internal representation of XML elements has changed - element attributes are stored in a map (previously in a key-value list). |
| 42 | + |
| 43 | +### Impact on the upgrade procedure |
| 44 | + |
| 45 | +Parsed XML messages are being sent within MongooseIM cluster between Erlang nodes in internal representation, so to understand received messages (Erlang terms), all nodes must have the same code that handles XML elements. |
| 46 | +This makes a [rolling upgrade](../operation-and-maintenance/Rolling-upgrade.md) not viable for this release, as it would lead to multiple errors in the logs and clients being disconnected abruptly. |
| 47 | +There are following alternatives: |
| 48 | + |
| 49 | +1. One solution is to stop the whole MongooseIM cluster, upgrade and start again. |
| 50 | + |
| 51 | +2. The second solution is to configure a new cluster running new version |
| 52 | +alongside the old cluster, and migrate traffic from the old one to the new one. |
| 53 | + |
| 54 | +3. There is a third solution, which allows to maintain service availability but not requiring building a full new cluster. |
| 55 | + In this solution, you upgrade nodes one by one (like in the rolling upgrade), but change configuration to not allow the upgraded node to rejoin the old cluster, but instead run as a new cluster. |
| 56 | + That way all nodes are migrated one by one to the newly formed cluster. Both clusters have to access the same database. |
| 57 | + If you are using CETS, you can form a new cluster by changing [`internal_databases.cluster_name`](../configuration/internal-databases.md#internal_databasescetscluster_name). |
| 58 | + |
| 59 | +### Archived XML - `mod_mam` |
| 60 | + |
| 61 | +The change of XML element representation could affect messages archived by `mod_mam`. |
| 62 | + |
| 63 | +!!! question "Is my server affected?" |
| 64 | + |
| 65 | + There is a config setting [`modules.mod_mam.db_message_format`](../modules/mod_mam.md#modulesmod_mamdb_message_format), which controls the message format for archived messages, and its default is different depending on the database backend used. |
| 66 | + |
| 67 | + * Messages stored in the XML textual format (`mam_message_xml`) are **not** affected. |
| 68 | + * Messages stored in the Erlang term format (`mam_message_compressed_eterm` or `mam_message_eterm`) are affected. |
| 69 | + |
| 70 | +For messages stored as Erlang terms, we provide transparent retrieval of the old format, while new messages will be written in the archive in the new format. |
| 71 | +However, a nonupgraded node would fail to read messages stored in the new format. |
| 72 | +This is not an issue unless you upgrade using method 2 or 3 from the list above (keeping two clusters running simultaneously), or you perform a rollback. |
| 73 | +To limit such issues, we recommend the upgrade to be undertaken during the time of minimal traffic. |
| 74 | + |
| 75 | +!!! info "What errors to expect?" |
| 76 | + When a client connected to a nonupgraded node requests a message stored in the new format, you can expect: |
| 77 | + |
| 78 | + * A warning log with `what=process_iq_error` on the MongooseIM node. |
| 79 | + * An `internal-server-error` IQ stanza returned to the client. |
| 80 | + |
| 81 | + Such issues would be transient during the upgrade, but if you attempt a rollback, they would persist until you upgrade again. |
| 82 | + |
| 83 | +## Database migration |
| 84 | + |
| 85 | +Migration scripts for CockroachDB, PostgreSQL, MySQL, and MS SQL are available in the [`priv/migrations`](https://github.com/esl/MongooseIM/tree/master/priv/migrations) directory. These migrations introduce the **`fast_auth_token`** table, which is required for [**XEP-0484: Fast Authentication Streamlining Tokens**](../modules/mod_fast_auth_token.md) to function properly. |
| 86 | + |
| 87 | +## Translations moved to a service |
| 88 | + |
| 89 | +System message translations are now handled by [`service_translations`](../configuration/Services.md#service_translations). Translations files can be found in [`priv/translations/`](https://github.com/esl/MongooseIM/tree/master/priv/translations/). |
| 90 | + |
| 91 | +### SCRAM hashing fix |
| 92 | + |
| 93 | +In versions 6.3.1 and earlier, a bug caused incorrect hash calculations for SCRAM authentication when using algorithms stronger than SHA-1 with OpenSSL >=3.4.1. |
| 94 | +This release includes a fix for this issue. If you were affected, all users must reset their passwords after upgrading to ensure correct authentication. |
| 95 | +For more details, see [SCRAM hashing issue](../developers-guide/SCRAM-serialization.md#scram-hash-calculation-issue-in-mongooseim-410631). |
0 commit comments