TLS and old SSL simultaneously

I've seen similar posts, but none had the answer I was looking for… I'm sorry if I'm duplicating questions here. I've looked at Jive Messenger 2.2.0 and 2.3.0 beta 1, either one would be fine to use.

Is there a way to REQUIRE TLS on port 5222 and also have port 5223 available for older style SSL connections?

From what the admin console says, it looks like the “SSL” port 5223 by default allows TLS and standard SSL. If this is correct, it should be fine to just have the same kind of TLS/SSL socket for both port 5222 and 5223. From what I remember, using Jabberd2, the server actually sends an un-encrypted packet on port 5222 with a tag in it, causing the client to use TLS on port 5222. I'm not sure of the inner workings of TLS, however, so I'm not sure if that will work so easily in a Java world.

In short I want to allow connections on port 5222 only using TLS and allow SSL on port 5223. Can it be done and how?

Thanks.

Hey Keith,

By default, JM 2.3.0 beta 1 allows clients to connect to ports 5222 and 5223. Clients connected to port 5222 can use unencrypted connections or may encrypt the socket using TLS and authenticate using SASL. Clients connected to port 5223 will use the old SSL encrypted method.

We still have to add the TLS & SASL pages to the admin console so you can easily configure them. Let us know if you have more questions.

Regards,

– Gato

Based on your response to Keith, it has sparked another question for me. If you enable both port 5222 and 5223, can you do the following?

  • Enable SSL only connections to port 5223

  • Enable TLS only connections to port 5222

  • Disable non-encrypted connection entirely

This is essentially what I've been trying to set up myself.

Hey walkchalk,

The first two requirements are already available. Currently TLS is optional and there is no way to make it mandatory/optional/disabled. We created the issue JM-393 which should be implemented before the final release is out.

Regards,

– Gato
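Added example, not part of the thread and not Jive Messenger code: a check you can run against your own server to see whether port 5222 advertises STARTTLS as required, optional, or not at all, which is the distinction the posts above turn on. It assumes the server follows the XMPP core stream-features format (`<starttls/>` with an optional `<required/>` child); the sample bytes, `example.org` and the function names are constructed for illustration.

```python
import socket
import xml.etree.ElementTree as ET

NS_STREAM = "http://etherx.jabber.org/streams"
NS_TLS = "urn:ietf:params:xml:ns:xmpp-tls"

def starttls_policy(server_bytes):
    """Return 'required', 'optional' or 'absent' for the STARTTLS feature, or
    'no-features' if no complete <stream:features/> element was received."""
    parser = ET.XMLPullParser(events=("end",))
    parser.feed(server_bytes)  # <stream:stream> stays open, so close() is never called
    for _event, elem in parser.read_events():
        if elem.tag != f"{{{NS_STREAM}}}features":
            continue
        starttls = elem.find(f"{{{NS_TLS}}}starttls")
        if starttls is None:
            return "absent"      # plaintext only
        if starttls.find(f"{{{NS_TLS}}}required") is not None:
            return "required"    # server says it will not proceed without TLS
        return "optional"        # a client may still continue unencrypted
    return "no-features"

def probe(host, domain, port=5222, timeout=5.0):
    """Open a plaintext stream to your own server and classify what it advertises."""
    header = (f"<?xml version='1.0'?><stream:stream to='{domain}' version='1.0' "
              f"xmlns='jabber:client' xmlns:stream='{NS_STREAM}'>").encode()
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(header)
        while b"</stream:features>" not in data:
            chunk = sock.recv(4096)
            if not chunk:
                break
            data += chunk
    return starttls_policy(data)

# Constructed sample server output (not captured from a real Jive Messenger instance).
HEADER = (b"<?xml version='1.0'?><stream:stream xmlns='jabber:client' version='1.0' "
          b"xmlns:stream='http://etherx.jabber.org/streams' from='example.org' id='c1'>")
SASL = b"<mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><mechanism>PLAIN</mechanism></mechanisms>"
TLS_OPEN = b"<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'"
SAMPLES = {
    "optional": HEADER + b"<stream:features>" + TLS_OPEN + b"/>" + SASL + b"</stream:features>",
    "required": HEADER + b"<stream:features>" + TLS_OPEN + b"><required/></starttls>" + SASL + b"</stream:features>",
    "absent": HEADER + b"<stream:features>" + SASL + b"</stream:features>",
}

if __name__ == "__main__":
    for expected, raw in SAMPLES.items():
        print(expected, "->", starttls_policy(raw))
```

The feature advertisement itself travels in cleartext, so clients should also be configured to require TLS rather than rely on what the server announces.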