
How do I configure Spark 2.6.3 to use https to connect to Openfire 3.8.1?

I currently have Spark working remotely and locally using the default port 5222.
I am using Spark 2.6.3 and Openfire 3.8.1.
Openfire tells me from the management screen that it is listening on 7443 for https connections.
How do I configure the client to use this port so that I can close 5222 on the firewall?
I have to run vulnerability scans and it would help if I could just worry about https and not have to care about another port.
Any help would be appreciated.

7443 is the default port for secure web connections. It is not suited for regular apps like Spark. Spark can have a secure connection on port 5222. You just need to set secure connection as required on the server and then Spark will use it. You can see that Spark is using a secure connection if it is showing a yellow padlock icon in the bottom right corner of its main window. Also, in the Openfire Admin console you can see the same padlock icon on the Sessions page.

As 3.8.1 is very old, I can’t tell exactly in which menu you should enforce the secure connections. I think it was in Server Settings > Security Settings or something like that.

Thanks Wroot,

Turns out, it is running in secure mode, it’s just that because of the
age it has no chance of passing vulnerability testing.

Three questions,

  1. Can I update directly from the version I have to the most current one
    or do I have to do interim updates?

  2. Do I need to upgrade all of the Spark clients as well, or just Openfire?

  3. Is there a good guide for doing the upgrade?

Thanks in advance for your help

  1. It can work directly, but I think it is better to do incremental updates. https://github.com/igniterealtime/Openfire/releases

  2. I don’t know what your security scan shows. It might be enough to just update Openfire. But Spark also has Java built-in (if installed that way) and an older version might use unsafe ciphers, etc. You can also run into other issues when using an old Spark version with a new Openfire version, although I am able to log in with 2.6.3, but I haven’t done thorough testing. At one point 2.6.3 wasn’t working with recent Openfire versions and then 2.7.0 was pushed out.

  3. There is none. There are too many different configurations (OS, install type, database, etc.). It would be hard to create a guide for all scenarios. You can probably find various specific guides in the forums or Google, but probably outdated and not suited for your case. There is a guide in the official documentation, but it is very basic: http://download.igniterealtime.org/openfire/docs/latest/documentation/upgrade-guide.html

Holy Moly

28 releases between 3.8.1 and 4.2.3!

I get an error about the dhe_export cipher, sslv2 and/or sslv3 being
enabled, the rsa_export cipher, a request to use elliptic-curve
diffie-hellman, and that the ssl/tls cert is signed with a weak
signature algorithm.

Daunting task. I remember it being a headache when I deployed this
server getting 3.8.1 configured and running. I had it running previously
on a 2003 server and the same config didn’t work after redeploying on
new server.

Having far greater expertise than I, how much of a pain do you think
upgrading in place over and over will be? Did you experience gotchas
with any of these interim releases? I see you’ve been in the community
forever!

You may still get some of these warnings with the recent version of Openfire, but the newest versions at least have some options for managing ciphers. Before upgrading you can just install a test server and scan it.

We actually stopped using Openfire in my company almost a year ago, so the latest I had updated to was maybe 4.2.0. I’ve been running it for the last 5+ years on Windows Server 2008 R2 and had no problems with updates that I remember. I have even switched from 32 to 64 bit easily doing an in-place upgrade. But I read a lot of threads here about problems doing updates over 20+ releases.
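
Added example (not part of the original thread, and not Openfire or Spark code): a minimal Python probe for the test-server scan suggested above. It speaks XMPP STARTTLS on port 5222, which an HTTPS-only check of 7443 does not cover, and maps the negotiated session to the findings quoted earlier; the function names and finding labels are assumptions of this example.

```python
import re
import socket
import ssl

XMPP_TLS_NS = "urn:ietf:params:xml:ns:xmpp-tls"

def starttls_offer(features_xml):
    """Classify <stream:features>: 'required', 'optional' or 'absent'."""
    m = re.search(r"<starttls\b[^>]*?(/>|>(.*?)</starttls>)", features_xml, re.S)
    if not m or XMPP_TLS_NS not in m.group(0):
        return "absent"
    return "required" if "<required" in (m.group(2) or "") else "optional"

def audit(protocol, cipher):
    """Map a negotiated protocol and OpenSSL cipher name to the thread's findings."""
    findings = []
    if protocol in ("SSLv2", "SSLv3"):
        findings.append("sslv2/sslv3")
    if cipher.startswith("EXP-"):
        findings.append("export cipher")
    if protocol != "TLSv1.3" and not cipher.startswith("ECDHE-"):
        findings.append("no ECDHE")  # TLS 1.3 suites always use (EC)DHE
    return findings

def _read_until(sock, pattern):
    buf = ""
    while not re.search(pattern, buf):
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("stream closed while waiting for " + pattern)
        buf += chunk.decode("utf-8", "replace")
    return buf

def probe(host, domain, port=5222, timeout=10):
    """STARTTLS against a test server; returns (offer, protocol, cipher, findings)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(("<stream:stream to='%s' xmlns='jabber:client' "
                      "xmlns:stream='http://etherx.jabber.org/streams' "
                      "version='1.0'>" % domain).encode())
        offer = starttls_offer(_read_until(sock, "</stream:features>"))
        if offer == "absent":
            return offer, None, None, ["no STARTTLS on this port"]
        sock.sendall(("<starttls xmlns='%s'/>" % XMPP_TLS_NS).encode())
        _read_until(sock, r"<proceed\b[^>]*>")
        ctx = ssl.create_default_context()
        ctx.check_hostname = False       # posture check only: a test server's
        ctx.verify_mode = ssl.CERT_NONE  # certificate is usually self-signed
        with ctx.wrap_socket(sock, server_hostname=domain) as tls:
            proto, cipher = tls.version(), tls.cipher()[0]
            return offer, proto, cipher, audit(proto, cipher)
```

This reports only what a current Python/OpenSSL client negotiates; it does not enumerate every suite the server accepts, so export-cipher or SSLv3 support still has to come from the scanner report. A handshake failure against an old server means it shares no protocol or cipher with a modern client.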