Client Authentication methods...?

Hello, I’m relatively new to Openfire. We installed an Elastix PBX and since Openfire came preinstalled, we decided to check it out. We’ve been using it internally for a few months now and like it a lot. I’d like to open it up to the public internet so that we can communicate when we’re out on the road, not just in the office. I have forwarded port 5222 and the Spark client can connect using the public IP of our server. We’re concerned with the security of this. I want to make sure that if our users are logging in over the WAN, the authentication process is secure. We don’t want to expose ourselves to someone potentially “sniffing” our credentials, as we are using LDAP accounts. An attacker would be sniffing our LDAP credentials, not just the credentials to log into our chat server.

My question is this: what type of authentication method is Openfire using to secure the transmission of login credentials? I have gone to Server -> Server Settings -> Security Settings -> and set Client Connection Security to required, but it doesn’t say what type of security is being used. I haven’t configured any certificates for the server yet, so it should be using the default self-signed cert.

Secondary question: is the actual chat transmission encrypted, or can it be? This isn’t as critical, but it would be nice to know that our communications are safe, as well as our login credentials.

Thanks in advance. I look forward to participating in the Openfire community.

Openfire uses SSL connection security.

“SSL (Secure Sockets Layer): cryptographic protocols which provide secure communications on the Internet”

You can set your own self-signed certificate, but Openfire initially uses the default certificate.

I can see under Sessions -> Active Sessions that our sessions are using SSL. I suppose that means our session traffic is encrypted.

Mostly I would like to know about the authentication itself (the sending of the username/password). I’d like to know what authentication method, in specific, is being used (Digest, MD5, SHA1, etc). Any ideas on where/how I would find that?
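An added example, not part of the thread and not Openfire code: an XMPP server advertises its STARTTLS policy and SASL mechanisms in the `<stream:features/>` element (RFC 6120), so the authentication method asked about above can be read from that advertisement. The stanzas below are constructed samples, and `audit_features` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

NS_STREAM = "http://etherx.jabber.org/streams"
NS_TLS = "urn:ietf:params:xml:ns:xmpp-tls"
NS_SASL = "urn:ietf:params:xml:ns:xmpp-sasl"

# These mechanisms put the password itself on the wire (base64 is encoding,
# not encryption), so their confidentiality rests entirely on TLS.
PASSWORD_ON_WIRE = {"PLAIN", "LOGIN"}


def features(inner):
    """Wrap constructed child elements in a <stream:features/> element."""
    return f"<stream:features xmlns:stream='{NS_STREAM}'>{inner}</stream:features>"


def mechanisms(*names):
    """Build a constructed SASL <mechanisms/> advertisement."""
    items = "".join(f"<mechanism>{n}</mechanism>" for n in names)
    return f"<mechanisms xmlns='{NS_SASL}'>{items}</mechanisms>"


# Constructed samples, not captured from a real server.
OPTIONAL_TLS = features(f"<starttls xmlns='{NS_TLS}'/>" + mechanisms("DIGEST-MD5", "PLAIN"))
REQUIRED_TLS = features(f"<starttls xmlns='{NS_TLS}'><required/></starttls>")
AFTER_TLS = features(mechanisms("DIGEST-MD5", "PLAIN"))


def audit_features(xml_text, tls_active):
    """Report what one <stream:features/> advertisement means for credentials."""
    root = ET.fromstring(xml_text)
    starttls = root.find(f"{{{NS_TLS}}}starttls")
    offered = [m.text.strip() for m in root.iter(f"{{{NS_SASL}}}mechanism") if m.text]
    # A password-bearing mechanism is only a sniffing risk on an unencrypted stream.
    at_risk = [] if tls_active else sorted(m for m in offered if m.upper() in PASSWORD_ON_WIRE)
    return {
        "starttls_offered": starttls is not None,
        "starttls_required": starttls is not None
        and starttls.find(f"{{{NS_TLS}}}required") is not None,
        "mechanisms": offered,
        "password_sniffable_via": at_risk,
    }


if __name__ == "__main__":
    for label, xml_text, tls in [("optional TLS", OPTIONAL_TLS, False),
                                 ("required TLS", REQUIRED_TLS, False),
                                 ("after TLS", AFTER_TLS, True)]:
        print(label, audit_features(xml_text, tls))
```

The same element can be seen on a live server in the client's raw XML log: the mechanisms listed after the TLS handshake are the ones the client will choose from.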