Can't see StartTLS

LoPard · November 18, 2022, 9:28am

Hello, I’m writing a plugin and for this I need to acces to the startTLS and TLS Handhake packets.
If I use the classic

    public void interceptPacket(Packet packet, Session session, boolean incoming, boolean processed) throws PacketRejectedException {
        if (!processed) {
            if (!packet.toXML().contains("ping")) {
                logger.info("\n" + packet.toXML());
                logger.info("\n" + session.toString());
            }
        }
    }

I can see all packets but I don’t see the ones related with TLS.

Does anyone knows how can I see them ? Thanks a lot.

Using Openfire 4.6.2

guus · November 18, 2022, 10:21am

Certain bits of traffic (especially around the establishment of a session) are not being fed to the packet interceptor. You could argue that this data isn’t even an XMPP stanza (which is what Packet implements/represents) in the first place.

If you need to programatically intercept these handshakes (why?!) then I fear you’ll need to find something in a third-party API (like MINA’s).

LoPard · November 18, 2022, 10:34am

Ok thank you for your answer.

It is pretty strange I know to intercept handshake but to simplify I know who are the clients (got certificates etc …) and I want to reduce at minimum the traffic so I want to make a plugin to do the handshake locally.

I am going to read about MINA.

guus · November 18, 2022, 10:48am

I’m not sure what optimization you are after, but I advise you too have a look at pre-existing documentation on how to improve the amount of round-trips during authentication/authorization. There are various XMPP specifications published by the XSF that address this issue. It might be worth it (faster to implement, more re-usable, etc) to investigate if you can use any of those, instead of inventing your own solution!