Hello Ben, Thanks for the information.
We have an production version of openfire 3.3.2 and its not possible to upgrade immediately . hence I would be glad to know an possible solution for the ‘Plain text vulnerability’ fix which was reported from Nessus scan .
I have the following properties currently :
sasl.mechs : CRAM-MD5,DIGEST-MD5,ANONYMOUS,JIVE-SHAREDSECRET,GSSAPI,EXTERNAL
xmpp.client.certificate.accept-selfsigned : true
xmpp.client.certificate.verify : true
xmpp.client.certificate.verify.chain : true
xmpp.client.certificate.verify.root : true
xmpp.client.tls.policy : required
Please note : In this 3.3.2 version openfire administrator page there is no Client Settings Page I believe.
but while searched I have managed to see this another screen (Server Settings --> Edit Properties ) and below properties
Server Name: 'Server Name’
Server-to-Server Port: 5269
Component Port: 5275
Client Port: 5222
SSL Enabled: Enabled
Client SSL Port: 5223
Admin Console Port: 9090
Secure Admin Console Port: