In my admin tool there IS NOT a padlock icon next to the users session and so I know the connection is not SSL. Also, openfire admin is set for “SSL Disabled” in the server properties.
In any case, my friend insists Openfire is making an SSL connection but I disagree. Does anyone understand the encoding of this protocol enough so that I can prove to my friend that this IS NOT ssl encrypted?
Maybe your clients are doing some encryption independently of a server. Because with SSL disabled you should clearly see xml sctructure and text of the messages.