
How to test SSL is working?

Hi,

I am using Wildfire 2.4.0 as the server and Exodus 0.9.1.0 as the client.

I am using the VeriSign 14-day trial SSL certificate; I have installed this correctly after a lot of messing about.

I am using all the default ports.

I have the client running on one PC and the server on another.

On the server I have selected in the security settings that clients are required to connect using a secure connection.

When I log in using Exodus (client) I get a silver padlock in the corner of the window; I was expecting a gold padlock as per convention (a bit of a side issue).

OK, so that's the background…

However, I am not convinced that the client is using SSL to connect to the server. So I thought I would test this by blocking port 5222 on the client machine and trying to connect. However, I cannot connect to the server.

In the server error log is the following line:

2006.01.11 12:49:46 [org.jivesoftware.wildfire.net.SocketReader.run(SocketReader.java:158)] Connection closed before session established
1588325[SSL_NULL_WITH_NULL_NULL: Socket[addr=/10.4.1.26,port=4156,localport=5223]]

So my question really is:

  1. Is this normal? Does the client need to connect using port 5222 in order to authenticate and start using SSL on port 5223?

  2. How can I test this is working?

Hi,

you may want to run ethereal+pcap (unix/win) or tcpdump (unix-only) or use the Windows Network Monitor (afaik w2kServer only) or any other sniffer. Looking at the network trace should not be interesting if you are using SSL.

LG

Hi,

For both the server and client machines I am running Windows XP.

I have run netstat -a on both machines and it appears that the connection is being made on port 5222, thus not using SSL.

I think it may be that I have configured Exodus (client) wrongly. Could anyone give me an idiot's guide as to how I should have the settings set?

Thanks in advance

Hey guys,

In XMPP, clients can connect to port 5222 (default port) using a plain socket and then negotiate TLS, thus securing the connection. I would recommend using port 5222 instead of the old 5223 port (default port) for the old SSL connection method. You can configure from the admin console that TLS is required so clients can only connect to the server if they secure the connection.

Hope that helps,

– Gato

To tell if your data is being encrypted or not you will need to do what it2000 suggested and actually look at the data being sent and not just rely on the port it is being sent to/through.

Go to http://www.ethereal.com/ and follow the instructions to install it under windows.

You can also do what gatos suggested and enable in the security section the option to only allow secure (require) connections. Then if the client connects you know it is secure, otherwise it isn't.

Regards,

RioGD
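
The check discussed in this thread, as an added example that is not part of any post above: a Python sketch that connects to port 5222 in clear text, reads whether the server advertises STARTTLS as required, and then upgrades the same socket to TLS. The names `starttls_policy`, `probe` and `SAMPLE`, and the domain `example.org`, are assumptions made for illustration; the sample bytes are constructed, not captured from the poster's server.

```python
import socket
import ssl
import xml.etree.ElementTree as ET

STREAMS = "{http://etherx.jabber.org/streams}"
TLS = "{urn:ietf:params:xml:ns:xmpp-tls}"

# Constructed sample of what a server sends on 5222 before any encryption
# (not captured from the poster's server).
SAMPLE = (b"<?xml version='1.0'?><stream:stream xmlns='jabber:client' "
          b"xmlns:stream='http://etherx.jabber.org/streams' from='example.org' "
          b"id='c0ffee' version='1.0'><stream:features>"
          b"<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'><required/></starttls>"
          b"</stream:features>")

def starttls_policy(stream_bytes):
    """Return 'required', 'offered' or 'absent' for the server's STARTTLS feature."""
    # The stream is still open, so close the root element to get a parseable document.
    root = ET.fromstring(stream_bytes + b"</stream:stream>")
    tls = root.find(STREAMS + "features/" + TLS + "starttls")
    if tls is None:
        return "absent"
    return "required" if tls.find(TLS + "required") is not None else "offered"

def probe(host, domain, port=5222, timeout=5.0):
    """Connect in clear text, upgrade with STARTTLS, return (policy, cipher or None)."""
    header = ("<stream:stream to='%s' xmlns='jabber:client' "
              "xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>" % domain)
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(header.encode())
        buf = b""
        while b"</stream:features>" not in buf:
            chunk = sock.recv(4096)
            if not chunk:
                raise ConnectionError("server closed the stream before sending features")
            buf += chunk
        policy = starttls_policy(buf)
        if policy == "absent":
            return policy, None
        sock.sendall(b"<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>")
        if b"<proceed" not in sock.recv(4096):
            return policy, None
        # Certificate and hostname checks are on; a failure raises ssl.SSLError.
        ctx = ssl.create_default_context()
        with ctx.wrap_socket(sock, server_hostname=domain) as tls_sock:
            return policy, tls_sock.cipher()

if __name__ == "__main__":
    print(starttls_policy(SAMPLE))  # offline check on the constructed sample
```

Calling `probe(host, domain)` against your own server returns the advertised policy plus the negotiated cipher tuple once the handshake completes. A connection that stays on port 5222 in `netstat` can therefore still be encrypted, which is why the port number alone does not answer the question.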