
StartTLS policy 'required' ignored for C2S


I’m currently having a problem with Openfire 4.1.1.

My Nessus scan is showing the following vulnerability:

The remote Extensible Messaging and Presence Protocol (XMPP) service supports one or more authentication mechanisms that allow credentials to be sent in the clear.

My problem is that Plain text authentication is enabled even if I set StartTLS policy to Required for Client Connections Settings.

How do I disable cleartext authentication mechanisms?
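
One way to confirm what the scan reports, as an added example that is not part of the original post or Openfire's own code: it parses the `<stream:features/>` element a server sends before TLS and reports whether STARTTLS is marked required and which SASL mechanisms are offered at that point. The two stanzas are constructed samples, and the function name and the set of cleartext mechanisms are assumptions.

```python
import xml.etree.ElementTree as ET

NS_STREAM = "http://etherx.jabber.org/streams"
NS_TLS = "urn:ietf:params:xml:ns:xmpp-tls"
NS_SASL = "urn:ietf:params:xml:ns:xmpp-sasl"
# Assumption: mechanisms treated as sending the password unprotected without TLS.
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}

# Constructed sample: STARTTLS marked required, yet SASL is offered before TLS.
WEAK_FEATURES = """<stream:features xmlns:stream="http://etherx.jabber.org/streams">
  <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"><required/></starttls>
  <mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">
    <mechanism>PLAIN</mechanism>
    <mechanism>SCRAM-SHA-1</mechanism>
  </mechanisms>
</stream:features>"""

# Constructed sample: only STARTTLS is offered until the stream is encrypted.
STRICT_FEATURES = """<stream:features xmlns:stream="http://etherx.jabber.org/streams">
  <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"><required/></starttls>
</stream:features>"""


def audit_pre_tls_features(features_xml):
    """Inspect the <stream:features/> received before any TLS negotiation."""
    root = ET.fromstring(features_xml)
    if root.tag != "{%s}features" % NS_STREAM:
        raise ValueError("expected <stream:features/>")
    starttls = root.find("{%s}starttls" % NS_TLS)
    required = starttls is not None and starttls.find("{%s}required" % NS_TLS) is not None
    path = "{%s}mechanisms/{%s}mechanism" % (NS_SASL, NS_SASL)
    mechs = [m.text.strip() for m in root.iterfind(path) if m.text]
    # Cleartext-capable mechanisms advertised while the stream is still unencrypted.
    cleartext = sorted({m.upper() for m in mechs} & CLEARTEXT_MECHS)
    return {
        "starttls_offered": starttls is not None,
        "starttls_required": required,
        "pre_tls_mechanisms": mechs,
        "cleartext_before_tls": cleartext,
        "policy_enforced": required and not cleartext,
    }


if __name__ == "__main__":
    for name, xml in (("weak", WEAK_FEATURES), ("strict", STRICT_FEATURES)):
        print(name, audit_pre_tls_features(xml))
```

To check a live server, capture the first `<stream:features/>` it returns on the client port before issuing `<starttls/>` and pass that element to the function.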