[jdev] tls negotiation over. Then what ?
Matthew A. Miller
linuxwolf at outer-planes.net
Sat Mar 18 07:26:27 CST 2006
You'll need to read RFC 2831 (Using Digest Authentication as a SASL
Mechanism) to (hope to) understand the various bits.
From the IETF: http://www.ietf.org/rfc/rfc2831.txt
Adrian Adrian wrote:
> By secure connection I mean being able to send and receive xml packets
> that can't be intercepted and decoded by a third party. So anything
> that achieves that is good for me.
> I use the XIFF library for dealing with XMPP
> It's built for Flash Actionscript 2.0 and it's exactly what I need
> except it doesn't do TLS+SASL.
> So let me get this straight:
> In order to use TLS + SASL :
> I send out a command <starttls bla bla />
> Server sends <proceed >
> I then start a new stream, select a mechanism (digest md-5),
> server sends a challenge (base64 encoded)
> I decode that but I don't know what to send back. The specs say I
> should send this :
> What are these : username, realm, nonce, cnonce, nc, qop, digest-uri,
> response ?
> Where do I get them from ?
> (Sorry to be dense)
> Peter Saint-Andre <stpeter at jabber.org> wrote:
> Adrian Adrian wrote:
> > Hello,
> > I'm totally new with the xmpp protocol so these questions may seem too
> > easy if not plain stupid.
> > I want to communicate with the im (wildfire) server through TLS. So I
> > do what the docs tell me to do :
> > I send this command :
> > And server responds with :
> > Now, if I read the docs correctly, I have to start a new stream and
> > begin SASL negotiation. Is this correct ?
> > If so, more questions will follow :) The digest-md5 is really making my
> > head spin.
> > Isn't there an easier way to establish a secure connection ?
> > receiving challenges and stuff)
> Depends on what you mean by secure. :-)
> There is an older, nearly-deprecated method for authentication between
> clients and servers:
> In the old days clients could connect on a separate SSL-enabled port
> (usually 5223, though that was never codified).
> But with RFC 3920, it is preferred to upgrade to TLS on port 5222 and
> then use SASL for authentication.
> Are you writing your own library? Why not use one of the existing code
> libraries that already does TLS+SASL?
> - --
> Peter Saint-Andre
> Jabber Software Foundation
"Got JABBER(R)?" <http://www.jabber.org/>