powered by Jive Software

StartTLS support for XMPP clients

Is there support for startTLS for clients connecting to port 5222 in openfire, as per the RFC Extensible Messaging and Presence Protocol (XMPP): Core ? If so, how to enable it?

You can enable it in the Openfire admin console under Client Connections Settings:
Server Settings => Plain-text (with STARTTLS) connections => Enabled (checkbox should be ticked).

If you want to enforce encryption server-side go to Advanced configuration... and set STARTTLS policy to Required.

If you want to enforce STARTTLS disable Encrypted (legacy-mode) connections.

1 Like

Appreciate if you can provide the respective jive properties that govern these configurations, if you know them.

You can find them on github @ ConnectionSettings.java

For what it’s worth: this is enabled by default.

Thank you for the response.
I’ve seen this already and assumed that the property ‘xmpp.client.tls.policy’ was the one that governed this configuration. It was set as ‘disabled’ for my application, and I tried to set it to ‘required’ and ‘optional’ (as per Connection.TLSPolicy Openfire/Connection.java at main · igniterealtime/Openfire · GitHub). However, the connections are seen to be timing out with these configurations. The logs didn’t help much, and I wanted to see if I am using the right property before I debug it further. Hence the query. Looks like I’ve to debug it further.