[Operators] XMPP Security Talk to IAB

[Evgeny Khramtsov]

Sun, 31 Aug 2014 22:35:07 +0200
Jonas Wielicki <xmpp-operators at sotecware.net> wrote:


> I left the c2s-encryption-required switch in place (there would have been
> out-of-band measures to reach me if that had been a problem)

A year ago I did some experiment on a medium size server (150,000 users
online in peak). I modified ejabberd so it added starttls <required/>
tag without actually requiring it, i.e. ignoring this tag by a client
was OK. The results were bad: about 20% of clients were ignoring it.
Mostly some versions of QIP (which is the most popular XMPP client in
Russia).