The next nightly build will include support for TLS and SASL for server-2-server connections. We currently support only the EXTERNAL SASL mechanism. By default the server will keep using server dialback instead of TLS + SASL since this is the most popular way for servers to connect.
To enable TLS for s2s you will need to set the system property “xmpp.server.tls.enabled” to true in the Admin Console. In order to make things easier to test you may also want to set the system property “xmpp.server.certificate.verify” to false in the Admin Console so that the certificates are not validated. If you want to test with valid certificates then you will have to configure the truststore file with the proper certificates.
Please, let me know if you are having any problem (there are “precious” points waiting for you). I tested this new functionality only between JM servers since not many servers support TLS + SASL for s2s. I know that Coversant supports TLS + EXTERNAL SASL so I will test JM - Coversant soon.