[jdev] Doing ssl straight without a non encrypted handshake

Norman Rasmussen norman at rasmussen.co.za
Sat Feb 14 07:29:42 CST 2009

On Fri, Feb 13, 2009 at 9:12 PM, Kevin Smith <kevin at kismith.co.uk> wrote:
> On Fri, Feb 13, 2009 at 7:10 PM, Norman Rasmussen
> <norman at rasmussen.co.za> wrote:
>> On Fri, Feb 13, 2009 at 9:00 PM, Adi <jabber.list at gmail.com> wrote:
>>> Is this even possible? Lets say we have ssl in a load balancer and a xmpp
>>> server behind it. Sending a <stream> or <starttls> is gonna confuse the LB.
>> Use legacy ssl port 5223.
> That's not going to help though, except in a carefully orchestrated
> scenario. I think what the OP really wants is an XMPP server that
> supports clustering (and most of them do), because it's not enough to
> run several independent xmpp daemons and loadbalance them - they need
> shared state to be able to service the same domain.

Correct, but in much the same way that you can put special hardware in
front of a web server like this:

web browser, https --> port 443 --> hardware --> port 80 --> http server

you could do xmpp like this:

xmpp client, xmpps --> port 5223 --> hardware --> port 5222 --> xmpp server

which I think is what the op was asking about.

- Norman Rasmussen
 - Email: norman at rasmussen.co.za
 - Home page: http://norman.rasmussen.co.za/

More information about the JDev mailing list