[Operators] OpenFire Ciphers/ Certificates article

Mathieu Pasquet mathieui at mathieui.net
Wed Dec 17 12:00:42 UTC 2014

On Wed, Dec 17, 2014 at 12:14:19PM +0100, Christian Reiß wrote:
> Hey folks,
> I wrote a small article on how to get OpenFire to work with strong
> ciphers and signed certificates. If there are any openfire users here
> that struggle with xmpp.net scoring, you might wanna give this a read:
>    https://alpha-labs.net/2014/12/openfire-and-ciphers/
> thanks all!
> -Christian.


It was a good read, thank you. I have been assuming for a while that
achieving decent security levels with openfire was close to impossible,
and I am glad to see that while it needs some tinkering, it is still

That being said, it appears your server still offers the possibility of
unencrypted connection and, more concerning, PLAIN through an unencrypted
connection, which is quite bad from a security point of view. Is that
impossible to prevent using openfire?

I would also suggest the subjectAltName extension instead of the Common
Name for setting up the certificate, but it works anyway.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://mail.jabber.org/pipermail/operators/attachments/20141217/8eeb5f22/attachment.sig>

More information about the Operators mailing list