Edit Server Properties > SSL Enabled Setting Explanation Request

Hi folks,

I am hoping someone can explain the setting “SSL Enabled:” located in the Edit Server Properties window in the Openfire Admin Console.

To be more precise the setting is located by navigating Server > Server Manager > Server Information > scroll down to bottom, click “Edit Properties”. This is NOT the System Properties page.

The “SSL Enabled:” setting located in the Edit Server Properties window has two choices, which are “Enabled” and “Disabled”. When I go into this window the “Disabled” option is selected; however, I do not know if this is the option that is applied or if it is selected but not applied until I click “Save Properties”. I do not believe I have ever changed this setting.

Can someone please explain what this setting does and what it is used for? Is it for client to server communication, server to server communication or some other type of communications? How does this setting affect other aspects of Openfire and other services running on Openfire? Does it have any sort of impact I should be aware of?

Until I saw this option I was under the impression that Openfire was already using SSL in at least some connections. I now realize it is not using SSL for LDAP authentication to the Active Directory server. I have the client connections forced to use the new TLS method and the old SSL client connection method is unavailable; this was set up custom by myself. Client connections still work though, so I assume they are using secure communication. I am also able to access the Openfire Admin Console using the SSL secured port of 9091.

Thanks for any help anyone can provide. Hope to hear back on this soon.

NOTE: I have attached a screenshot of the settings I am wanting explained. This is in the Edit Server Properties page and not the System Properties page.

Strange indeed, but it seems this option has no effect on the system. Actually it is changing the system property xmpp.socket.ssl.active, but it has no effect on https login to the Admin Console, nor on SSL connections of the clients. Probably only the devs can answer this. Maybe this is some obsolete piece of code.

I don’t think SSL applies to the server connection to the LDAP, and actually I don’t see the reason to use a secure connection here. It’s only contact and structure information taken from here.

Thanks for the reply. I’m attempting to document Openfire for work. I am going to leave this thread open.

I have asked Gato (main Openfire dev once) via PM, and that’s what he said:

Check out http://svn.igniterealtime.org/svn/repos/openfire/branches/openfire_3_4_4/src/java/org/jivesoftware/openfire/spi/ConnectionManagerImpl.java methods createClientSSLListeners() and startClientSSLListeners(). There you will see that the server should not start listeners on SSL (5223) and also not offer TLS over 5222. You might need to restart the server after changing that.

– Gato
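
One way to verify the behaviour described in the reply above after changing the setting and restarting: the sketch below is an added example, not code from the thread or from Openfire. It checks whether port 5222 advertises STARTTLS in its stream features and whether anything listens on 5223; the host and domain arguments are placeholders, the sample replies are constructed, and the `urn:ietf:params:xml:ns:xmpp-tls` namespace comes from the XMPP specification.

```python
import socket
import xml.etree.ElementTree as ET

STREAMS_NS = "http://etherx.jabber.org/streams"
TLS_NS = "urn:ietf:params:xml:ns:xmpp-tls"

def starttls_status(data: bytes) -> str:
    """Classify the server's opening bytes: 'required', 'offered', 'absent' or 'unknown'."""
    parser = ET.XMLPullParser(events=("end",))
    parser.feed(data)  # the <stream:stream> root stays open, so parse incrementally
    for _, elem in parser.read_events():
        if elem.tag == f"{{{STREAMS_NS}}}features":
            tls = elem.find(f"{{{TLS_NS}}}starttls")
            if tls is None:
                return "absent"
            required = tls.find(f"{{{TLS_NS}}}required") is not None
            return "required" if required else "offered"
    return "unknown"  # <stream:features> was not received in full

def probe_starttls(host: str, domain: str, port: int = 5222, timeout: float = 5.0) -> str:
    """Open an XMPP client stream and report what the server advertises."""
    opening = (f"<stream:stream to='{domain}' xmlns='jabber:client' "
               f"xmlns:stream='{STREAMS_NS}' version='1.0'>").encode()
    buf = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(opening)
        while b"</stream:features>" not in buf:
            chunk = sock.recv(4096)
            if not chunk:
                break
            buf += chunk
    return starttls_status(buf)

def port_accepts(host: str, port: int = 5223, timeout: float = 5.0) -> bool:
    """True if a TCP listener answers, e.g. on the old SSL client port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

# Constructed sample replies (not captured from a real server).
HEAD = (b"<?xml version='1.0' encoding='UTF-8'?><stream:stream "
        b"xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client' "
        b"from='example.org' id='constructed' version='1.0'><stream:features>")
SASL = (b"<mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>"
        b"<mechanism>PLAIN</mechanism></mechanisms></stream:features>")
SAMPLE_TLS_REQUIRED = (HEAD + b"<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'>"
                       b"<required/></starttls>" + SASL)
SAMPLE_TLS_ABSENT = HEAD + SASL

if __name__ == "__main__":
    print(starttls_status(SAMPLE_TLS_REQUIRED), starttls_status(SAMPLE_TLS_ABSENT))
```

A result of "absent" from `probe_starttls` means clients on 5222 are being offered no TLS upgrade at all, which is the state worth catching before relying on that port.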