Question About Openfire TLS and SmackAPI

I just have a simple question about the role TLS plays in communicating with other users. I can get smackAPI connecting to my server using TLS (connection.isUsingTLS and .isSecureConnection return true).

Now my question is, when a user sends another user a message, is this message encrypted, i.e. can someone be a man in the middle and read the message? Or is TLS just used to authenticate the user on the server and the rest of the information is sent in plain text?

Thanks,

Faisal

Hi Faisal,

TLS as well as the older SSL is used to encrypt the connections (and verify the identity via certificates). So if you send a message to another user and you use a secured connection to your server, there are several points for man-in-the-middle attacks. First of all, the servers (yours and the server of your chat partner) are able to read your message and can be compromised. After that, if the other user is located on a different server, the connection to this server isn’t necessarily encrypted and could be attacked. Lastly, the connection between the server and the other user's client could be sent in plain text.

For end-to-end encryption you can have a look at OpenPGP or OTR.

Best regards