SSL in OpenFire

All,

We just set up an Openfire XMPP server and have external clients connecting to the server through the firewall. We have one user who uses the Mac iChat client to connect using XMPP. This person is indicating that his iChat client is warning him that he is sending his password in “clear” (I assume that this means “clear-text”). I checked the server settings and SSL (self-signed) is configured though optional. The sessions page shows that all users are connected via SSL (including the Mac iChat user). This is indicated by the little orange lock found on the sessions page of the admin console.

Are the passwords being sent in clear text as the Mac client believes? And is this just another example of Mac not adhering to standards, or is my interpretation of Openfire's use of SSL different from, say, a website?

Thanx in advance!!!

Hey Michael,

I don’t have an iChat client here to test but I guess that it’s warning that it’s using SASL PLAIN. However, using SASL PLAIN over an encrypted connection (TLS or old SSL) is still secure. In summary, if your clients are using TLS or old SSL then it’s fine to use SASL PLAIN if your concern is about not sending passwords without encrypting them.

Regards,

– Gato
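
An added example, not part of the original posts: a small Python check for the situation discussed in this thread, where TLS is offered but optional and the client may authenticate with SASL PLAIN. It inspects the stream features a server advertises before TLS (namespaces from RFC 6120) and decodes a SASL PLAIN response (RFC 4616) to show it is only base64, so its confidentiality depends entirely on the TLS layer. The feature XML, user name and password are constructed sample values, and the function names are hypothetical.

```python
import base64
import xml.etree.ElementTree as ET

NS_TLS = "urn:ietf:params:xml:ns:xmpp-tls"
NS_SASL = "urn:ietf:params:xml:ns:xmpp-sasl"

# Constructed pre-TLS <stream:features> samples (not captured from a real server).
OPTIONAL_TLS = """<stream:features xmlns:stream='http://etherx.jabber.org/streams'>
  <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
  <mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
    <mechanism>DIGEST-MD5</mechanism><mechanism>PLAIN</mechanism>
  </mechanisms>
</stream:features>"""
REQUIRED_TLS = """<stream:features xmlns:stream='http://etherx.jabber.org/streams'>
  <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'><required/></starttls>
</stream:features>"""

# Constructed SASL PLAIN response: authzid NUL authcid NUL passwd, base64-encoded.
SAMPLE_AUTH = base64.b64encode(b"\x00michael\x00constructed-pass").decode()


def audit_features(features_xml):
    """Report whether a password could cross the wire unencrypted."""
    root = ET.fromstring(features_xml)
    starttls = root.find(f"{{{NS_TLS}}}starttls")
    mechs = [m.text for m in root.iter(f"{{{NS_SASL}}}mechanism")]
    tls_offered = starttls is not None
    tls_required = (tls_offered
                    and starttls.find(f"{{{NS_TLS}}}required") is not None)
    plain_pre_tls = "PLAIN" in mechs
    return {
        "tls_offered": tls_offered,
        "tls_required": tls_required,
        "plain_offered_before_tls": plain_pre_tls,
        # PLAIN is safe inside TLS; the risk is PLAIN with TLS skipped.
        "cleartext_password_possible": plain_pre_tls and not tls_required,
    }


def decode_sasl_plain(b64_response):
    """Decode a SASL PLAIN response; base64 is an encoding, not encryption."""
    authzid, authcid, passwd = base64.b64decode(b64_response).split(b"\x00", 2)
    return authzid.decode(), authcid.decode(), passwd.decode()


if __name__ == "__main__":
    print("optional TLS:", audit_features(OPTIONAL_TLS))
    print("required TLS:", audit_features(REQUIRED_TLS))
    print("PLAIN payload decodes to:", decode_sasl_plain(SAMPLE_AUTH))
```

With TLS set to required, the server in the second sample advertises no SASL mechanisms until the connection is encrypted, so a client cannot send PLAIN credentials in the clear.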