I'm just trying to find out if Openfire is affected by the Heartbleed bug and if so, what is your recommendation for remediation?
Port 5222 is plain / TLS. Port 5223 is SSL - but we don't use OpenSSL.
for make sure update your "openssl" on ur server, not ssl but openssl
etc : on debian : apt-get dist-upgrade
Openssl is not required or used by Openfire. Anyhow all OpenSSL 1.0.1 users may want to update unless they did already.
Openfire uses bouncycastle