Plain-Only Port


I have a problem: I’m trying to use the Jabber functionalities of both the Flyspray Bugtracker and the Unclassified Newsboard. Both don’t seem to support encrypted XMPP connections in Linux because of PHP backend library problems. Currently my Openfire instance only accepts encrypted client sessions, which must not be changed for connections through the internet.

The mentioned Web-Applications are running on the same server as my Openfire instance so it would be possible to allow only clients on the local machine to connect without encryption. Now I would like to know if the old-style SSL port of Openfire also has TLS and/or unencrypted capabilities. If this is the case, I could simply block the unencrypted port in the firewall to get what I want.

Thanks in advance for information on this topic.

I tested a bit around and it seems that only the default 5222 listener is TLS enabled. So is there a way to create an additional listener which ONLY supports TLS or one which supports just SSL and TLS and NOT unencrypted connections?

You would need to make some changes to the server to do what you’re proposing – basically to start up an entirely new port that listens for unencrypted traffic.



You could either look for or write a program that listens only on localhost, and just pipes the data using SSL to port 5223.

I guess a combination of netcat or (x)inetd and openssl s_client could do that.

I’m now using Matrixtunnel (based on the MatrixSSL library) from the OpenWRT project. Files are available here.
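The localhost-only relay suggested in the replies above, written in Python as an added example (it is not code from any poster, from Openfire, or from Matrixtunnel). It accepts plaintext XMPP on loopback only and forwards it over verified TLS to the old-style SSL port 5223. The local port 15222 and the upstream name `localhost` are assumptions: the upstream name must match the name in the Openfire certificate, and a self-signed certificate has to be passed as `cafile`.

```python
import asyncio
import ssl

LISTEN_HOST = "127.0.0.1"       # loopback only: never reachable from the network
LISTEN_PORT = 15222             # assumed free local port for the web apps
UPSTREAM = ("localhost", 5223)  # old-style SSL port; name must match the certificate


def make_tls_context(cafile=None):
    """Client-side TLS context that verifies the server certificate and name."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


async def _pipe(reader, writer):
    """Copy bytes one way until EOF or error, then close the write side."""
    try:
        while data := await reader.read(4096):
            writer.write(data)
            await writer.drain()
    except (ConnectionError, ssl.SSLError):
        pass
    finally:
        writer.close()


async def start_tunnel(listen_port, upstream, tls_ctx):
    """Accept plaintext on loopback and relay it to upstream over TLS."""
    host, port = upstream

    async def handle(c_reader, c_writer):
        try:
            u_reader, u_writer = await asyncio.open_connection(host, port, ssl=tls_ctx)
        except (OSError, ssl.SSLError):
            c_writer.close()    # fail closed: no verified TLS upstream, no session
            return
        await asyncio.gather(_pipe(c_reader, u_writer), _pipe(u_reader, c_writer))

    return await asyncio.start_server(handle, LISTEN_HOST, listen_port)


async def main():
    server = await start_tunnel(LISTEN_PORT, UPSTREAM, make_tls_context())
    async with server:
        await server.serve_forever()


if __name__ == "__main__":
    asyncio.run(main())
```

Any local user or process can connect to the loopback port, so on a shared host the relay inherits whatever trust the machine's local accounts have.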