Even after changing from a self signed to a third party signed (StartSSL) certificate my S2S connections dont seem to be encrypted.
Depending on the remote domain in the Admi gui I see that some remote domains dont show a lock for neither incoming nor outgoing (gmail.com for example ) but some do show at least in one direction a lock. (gmx.com for example)
The xmpp domain is the same as the hostname of the server like aa.bbb.com
Do I really have to put some SRV records into DNS to get it working?