[Operators] requiring channel encryption

Maissel, Joe joe.maissel at credit-suisse.com
Wed Apr 30 08:16:12 CDT 2008


Yep.  This would work.  Not sure if our firewall guys will go for it. 

Can we create a standard SRV record for TLS only S2S? 

-----Original Message-----
From: operators-bounces at xmpp.org [mailto:operators-bounces at xmpp.org] On
Behalf Of Kevin Smith
Sent: Wednesday, April 30, 2008 9:11 AM
To: XMPP Operators Group
Subject: Re: [Operators] requiring channel encryption

On Wed, Apr 30, 2008 at 1:54 PM, Jonathan Schleifer <js-xog at webkeks.org>
wrote:
>  What about this as a solution: At the firewall level, route those  
> servers that don't support TLS to the other s2s and let traffic from  
> all other IPs be routed to the s2s that requires TLS. That way you  
> won't even need SRV records!

You still need the usual SRV record, just not the second one. This will
work fine, though :)

/K


==============================================================================
Please access the attached hyperlink for an important electronic communications disclaimer: 

http://www.credit-suisse.com/legal/en/disclaimer_email_ib.html
==============================================================================



More information about the Operators mailing list