ejabberd version 18.09.23 failed to secure c2s connection: TLS failed:client renegotiations forbidden
In Conversations, the developers comment "update openssl 1.1 or update ejabberd min. 18.09", but the issue still persists. In this case ejabberd is not prepared to run the latest TLS 1.3. The problem shows up with the latest Conversations messenger version and the latest Pix-Art Messenger: in Pix-Art version 2.0 it was working, while the latest Pix-Art version 2.1 stable reports the same issue.
So here is the solution.
If you compile ejabberd yourself, download fast_tls from the ejabberd GitHub:
git clone https://github.com/processone/fast_tls.git
cd fast_tls/
./configure
make
Note that you only run make here; do not install it. The build is only needed to produce two directories to copy. Use rsync to copy the priv and ebin directories that make has built into the compiled ejabberd directory. For example, if you compiled ejabberd completely in /opt/ejabberd/, the correct directories are:
rsync -av priv/ /opt/ejabberd/lib/fast_tls-1.0.25/priv/
rsync -av ebin/ /opt/ejabberd/lib/fast_tls-1.0.25/ebin/
After that, configure ejabberd to not use TLS 1.3 for clients (protocol_options):
  -
    port: 5222
    ip: "::"
    module: ejabberd_c2s
    max_stanza_size: 262144
    shaper: c2s_shaper
    access: c2s
    starttls_required: true
    protocol_options:
      - "no_sslv2"
      - "no_tlsv1_3"
After that, restart ejabberd. (For ejabberd to be runnable from every directory on Debian or Ubuntu, move it to /usr/sbin/ejabberd. You can get ejabberdctl from the directory where you compiled ejabberd, the one with "/autogen.sh".)
Then type:
ejabberdctl stop
or ejabberdctl restart
(if ejabberd was running)
If you did everything correctly, ejabberd will then work with the latest Conversations and Pix-Art Messenger versions.
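
The copy step above, as an added example (not from the original post or the ejabberd project): it finds the installed fast_tls-<version> directory instead of assuming fast_tls-1.0.25, saves the current priv and ebin for rollback, and uses cp -Rp where the post uses rsync -av. The function names and the backup directory name are assumptions.

```sh
#!/bin/sh
# Added example: install a freshly built fast_tls into a compiled ejabberd tree.
# Function names and the backup directory name are assumptions.

# Print the single lib/fast_tls-<version> directory under the ejabberd root.
find_fast_tls_dir() {
    root=$1
    count=0
    found=
    for d in "$root"/lib/fast_tls-*; do
        [ -d "$d" ] || continue
        found=$d
        count=$((count + 1))
    done
    if [ "$count" -ne 1 ]; then
        echo "expected one fast_tls-* dir under $root/lib, found $count" >&2
        return 1
    fi
    printf '%s\n' "$found"
}

# install_fast_tls_build BUILD_DIR EJABBERD_ROOT
# Copies BUILD_DIR/priv and BUILD_DIR/ebin over the installed copies and
# prints the directory holding the previous versions.
install_fast_tls_build() {
    src=$1
    root=$2
    for sub in priv ebin; do
        [ -d "$src/$sub" ] || { echo "missing $src/$sub, run make first" >&2; return 1; }
    done
    target=$(find_fast_tls_dir "$root") || return 1
    # Backup lives outside lib/ so it is not mistaken for another fast_tls-* dir.
    backup="$root/backup-$(basename "$target")-$(date +%Y%m%d%H%M%S)"
    mkdir -p "$backup" || return 1
    for sub in priv ebin; do
        if [ -d "$target/$sub" ]; then
            cp -Rp "$target/$sub" "$backup/" || return 1
        fi
        mkdir -p "$target/$sub" || return 1
        cp -Rp "$src/$sub/." "$target/$sub/" || return 1
    done
    printf '%s\n' "$backup"
}

if [ "$#" -eq 2 ]; then
    install_fast_tls_build "$1" "$2"
fi
```

Call it with the fast_tls build directory and the ejabberd root, for example ./fast_tls and /opt/ejabberd; it prints the backup directory, which can be copied back if the new build does not load.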