[jdev] TLS/SSL Stream Resumption and XMPP

Tobias Markmann tmarkmann at googlemail.com
Sat Mar 9 16:38:48 UTC 2013


On Sat, Mar 9, 2013 at 5:33 PM, Philipp Hancke <fippo at goodadvice.pages.de> wrote:

> Don't use STARTTLS, just multiplex TLS on port 5222 by peek'ing the first
> byte (which should be 0x16). jabberd has supported that for ages, it works
> quite reliably for TLSv1 client hellos (and slightly less for sslv2)


Prosody does that too for HTTP, SSL and SSL if I recall correctly...just
wondered what the correct way of doing TLS resumption is. XEP-0198 seems to
suggest resumption on STARTTLS, which does feel strange since you'd lose a
lot through the extra round-trips. Although I agree, best would be to just
do TLS resumption on the usual XMPP port as advertised via SRV for that
domain, which would require the aforementioned port multiplexing. Does
jabberd support TLS resumption? If so what client has it been tested
against if any at all?
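
The first-byte peek described in the quoted reply, as an added example that is not part of the original message and is not jabberd's or Prosody's code. The function names and sample bytes are constructed for illustration; the check uses MSG_PEEK so the bytes stay queued for whichever handler (TLS or plaintext XMPP) takes over the connection.

```python
import socket

# Constructed sample first bytes, one per client type (not captured traffic).
SAMPLES = {
    "tls": b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4",  # TLSv1 record, handshake
    "sslv2": b"\x80\x2e\x01\x03\x01\x00\x15",        # SSLv2-framed ClientHello
    "xmpp-plaintext": b"<?xml version='1.0'?><stream:stream>",
    "unknown": b"GET / HTTP/1.1\r\n",
}

def classify_first_bytes(head: bytes) -> str:
    """Decide which handler should own a connection from its first bytes."""
    if not head:
        return "empty"
    if head[0] == 0x16:
        # TLS record type 0x16 = handshake; SSLv3/TLS records use major version 3.
        if len(head) >= 2 and head[1] != 0x03:
            return "unknown"
        return "tls"
    # SSLv2 framing: 2-byte length with the high bit set, then msg type 1.
    if head[0] & 0x80 and len(head) >= 3 and head[2] == 0x01:
        return "sslv2"
    # A plaintext XMPP stream is XML, so it opens with '<'.
    if head.lstrip(b" \t\r\n")[:1] == b"<":
        return "xmpp-plaintext"
    return "unknown"

def peek_and_classify(conn: socket.socket, n: int = 5) -> str:
    """Look at up to n bytes without consuming them from the socket."""
    return classify_first_bytes(conn.recv(n, socket.MSG_PEEK))

def demo() -> dict:
    """Run every sample through a local socket pair; report (kind, intact)."""
    results = {}
    for expected, sample in SAMPLES.items():
        client, server = socket.socketpair()
        try:
            client.sendall(sample)
            kind = peek_and_classify(server)
            # The peeked bytes must still be readable by the real handler.
            intact = server.recv(len(sample)) == sample
            results[expected] = (kind, intact)
        finally:
            client.close()
            server.close()
    return results

if __name__ == "__main__":
    for expected, (kind, intact) in demo().items():
        print(f"{expected:15} -> {kind:15} bytes intact: {intact}")
```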