Hi!
I had originally configured our firewall to only forward port 5223 to force all external clients to use SSL, but from some other posts on the forum, I now have the impression that I can open port 5222 and if the clients are configured to use TLS “when available”, connections will still be encrypted.
Is this understanding correct?
regards,
Alan.
Hey Alan,
Port 5223 that supports the old SSL method is really a “deprecated” feature. If your clients support TLS (that is the new feature) then you can configure the server so that TLS is mandatory, use port 5222 and configure the firewall accordingly. This means that all clients will connect through port 5222 and their connections are encrypted.
Regards,
– Gato