SSL (was Re: [JDEV] new RFC draft)
temas at box5.net
Mon Feb 4 12:59:33 CST 2002
Correct, I never put s2s SSL in for the reason that it adds all kinds of
false senses of security. In a controlled single environment setup it would
work great, and really shouldn't be hard to enable (maybe I can sneak it
into 1.4.2), but otherwise I just don't like it. There are ways that it can
help, but it has to be in combination with an end point to end point
encryption still, otherwise the message could potentially be viewed.
----- Original Message -----
From: "Chris Pile" <cpile at snoogans.co.uk>
To: <jdev at jabber.org>
Sent: Monday, February 04, 2002 7:14 AM
Subject: Re: SSL (was Re: [JDEV] new RFC draft)
> I have compiled jabber with SSL support and can successfully
> listen/connect on the SSL/non-SSL client ports (5223/5222), but it
> doesn't listen on the SSL s2s port (5270). You can see the server
> listening on the standard/non-SSL s2s port 5269.
> $ netstat -an | grep 52
> tcp4 0 0 192.168.1.10.5269 *.* LISTEN
> tcp4 0 0 192.168.1.10.5223 *.* LISTEN
> tcp4 0 0 192.168.1.10.5222 *.* LISTEN
> Just had a quick look through the code (in particular dialback.c) and it
> doesn't look like SSL s2s has been implemented. As you said Peter, the
> RFC is just protocol, it doesn't describe how the server is implemented.
> Shame though, SSL s2s would be very nice, especially for a large internal
> messaging system spread across different locations/servers. I have
> heard of ppl connecting jabber servers using IPsec/VPNs but if s2s could
> use SSL, there would be no need for a VPN.
> Looking at client.c and dialback.c I shouldn't imagine it is difficult
> to use SSL for s2s, but then I could be totally wrong. Temas, any
> Peter Saint-Andre wrote:
> > > I tried the following but port 5270 isn't listening. Also I have
> > > successfully compiled SSL support and I'm using this for clients. I'm
> > > using the CVS version of jabber2, checked out on Jan 17th.
> > Well we must keep in mind that the RFC is just protocol for the
> > standards-inclined. Everything but protocol is just an implementation
> > detail. :)
> > But yes you can run the 1.4 series server with SSL, but you need to
> > compile the server with the SSL libraries and so on. I haven't done that
> > myself so I can't tell you how to do it, though.
> > Peter
> > _______________________________________________
> > jdev mailing list
> > jdev at jabber.org
> > http://mailman.jabber.org/listinfo/jdev