Hi,
Last week I was testing SASL EXTERNAL with openfire. I got everything to work fine on both starttls and legacy SSL. When I was testing if revoking the client certificate was also working I noticed that my cerficate was blocked on the starttls port but was still working on the legacy SSL port.
Best regards,
Eelco