No, that’s not what I need. Actually I read the source and saw that. Most servers I want to have a TLS connection with do not support SASL (EXTERNAL) (think gmail.com, but also many others).
Some of my peers also just close the connection when they do not encounter the dialback stanza in stream:stream, as Openfire doesn’t send it when it attempts a TLS connection and then retries with dialback over a plain connection which then succeeds.
ejabberd does support TLS with server dialback so it can’t be that far away from the RFC which specifies SHOULD behaviour for use of SASL with TLS.
Couldn’t you file a ticket about this issue for it to be fixed in a later version? Theoretically only TLS handling needs to be added to ServerDialback, I guess. (OTOH the server is, if I remember it correctly, forced to forget everything about the connection as soon as TLS starts, so I don’t know if dialback would actually be needed twice in one connection.)