[Standards] Fwd: [Uta] STARTTLS vulnerabilities

Holger Weiß holger at zedat.fu-berlin.de
Thu Aug 12 13:16:52 UTC 2021


* Sam Whited <sam at samwhited.com> [2021-08-11 17:21]:
> In my experience it's widely supported these days.

At least for c2s, yes.

> I also don't know if clients prioritize these records over starttls.

XEP-0368 says:

| Both 'xmpp-' and 'xmpps-' records SHOULD be treated as the same record
| with regard to connection order as specified by RFC 2782 [3], in that
| all priorities and weights are mixed. This enables the server operator
| to decide if they would rather clients connect with STARTTLS or direct
| TLS. However, clients MAY choose to prefer one type of connection over
| the other.

Holger


More information about the Standards mailing list