I finish a simple chat app using ASmack
i set
config.setSASLAuthenticationEnabled( true );
AND
config.setSecurityMode(ConnectionConfiguration.SecurityMode.enabled);
is it enough ? how secure the communication between Asmack App and the open fire server
and what {
config.setTruststoreType(“AndroidCAStore”);
config.setTruststorePassword(null);
config.setTruststorePath(null); } do ???
and thanks in advance
Security is a complicated matter. These two options are the first steps into the right direction. But how secure the connection finally is, depends on a few more variables, like the used cipher and TLS version. Also note that SecurityMode.enabled means that TLS will be used if it’s available and otherwise no TLS will be used, meaning that TLS is optional. You may want to use SecurityMode.required.
The Truststore setting tells Smack to use Android’s CA Store, which is IIRC only available on Android 4.0 or higher. A truststore stores all certifactes that are trusted Which means that all certificates that are signed by one of the certificate authorities certificates in this truststore, are considered valid.
thanks for your reply
like the used cypher and TLS version. Also note that SecurityMode.enabled means that TLS will be used if it’s available and otherwise no TLS will be used, meaning that TLS is optional. You may want to use SecurityMode.required.
how can I use cypher between asmack and openfire ???
2 how to handle TLS on openfire ??
yeah i got what u ment ,
and my question was how to implemnt that ?
should I write a plugin for the openfire or should I make smack comunicate with e.g. (a php service i write)
that play a midle man and handle encription ???
please advise me
Openfire already supports TLS. The documentation for this is located here.
If you require two way authentication, the server is capable of that as well, but there is a definite lack of documentation for the configuration.