Feature request - force TLS

Would it be possible to add a control to force TLS when logging in? I realize that I could just force the clients to use the dedicated ssl port, but I’'d like the idea that most clients would work “out of the box” and still be able to force security.

-jason

Jason,

One thing you could do is disable the normal XMPP port and only have the SSL port turned on. You would do this by setting “xmpp.socket.plain.active” to “false” on the System Properties page. You would need to restart the server to make this change take effect.

Regards,

Matt

Matt,

This seems like a reasonable useful configuration. Could you add that property to the list displayed on the System Properties page? Also, is there a list of what properties are configurable and what they do? Thanks!

This seems like a reasonable useful configuration.

Could you add that property to the list displayed on

the System Properties page?

Actually, that’‘s not how the system properties really work. Normally, we create an option in the admin console to directly enable/disable a feature. That then sets a system property under the hood. In general, people shouldn’‘t need to visit the system properties page to do configuration – it’'s just there for special cases. When we do the work of refactoring TLS support, we could definitely also add some more network configuration options to the admin console at that time.

Also, is there a list

of what properties are configurable and what they do?

Unfortunately, no, there’‘s no comprehensive list at the moment. Virtually everything can be set somewhere else in the admin console, though. There are only a few items that you have to set directly. At some point, we’'d like to document all of them though.

Regards,

Matt