jabberd2 starttls client problems

I’ve recently set up another jabberd2 installation. This time I had the STARTTLS option in c2s.xml enabled. Unfortunately this created a ton of problems with clients other than Gaim: users of clients such as Exodus, Miranda and Psi had problems with it and could not log in. Is it SO hard for programmers to write secure code? Is it so hard to implement STARTTLS?

2 Responses to “jabberd2 starttls client problems”

  1. Aggelos Orfanakos
    October 27th, 2005 | 04:18

    Considering that only Gaim has this thing implemented, my best guess is that it is that hard. An alternative is that this feature is not worth it.

  2. site admin
    October 27th, 2005 | 05:19

    It’s in the RFC…it should be implemented. And security is always needed and worth the extra effort/(cpu|mind) cycles.

    http://www.xmpp.org/specs/rfc3920.html#tls

    Quoting the RFC:

    An administrator of a given domain MAY require the use of TLS for client-to-server communications, server-to-server communications, or both. Clients SHOULD use TLS to secure the streams prior to attempting the completion of SASL negotiation, and servers SHOULD use TLS between two domains for the purpose of securing server-to-server communications.

    That “SHOULD” word for clients makes the difference, and is what I am talking about.

    It’s about whether you want to authenticate over an encrypted “channel” or not…authentication and encryption should start “hanging out as best friends” as soon as possible for programmers. STARTTLS offers the client the ability to encrypt its session over the current connection without having prior knowledge of a different “SSL enabled” port.

    It’s useful…at least to me, and it has been in use with IMAP servers for years, so it’s feasible-doable-not that hard to do.
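The client side of the RFC 3920 STARTTLS negotiation the comment above refers to (features, `<starttls/>`, `<proceed/>`, TLS handshake, then SASL), as an added example that is not code from the post, jabberd2 or any of the clients named. The server stanzas are constructed in the shape the RFC describes, and the `client_requires_tls` policy flag is an assumption of this example, not an RFC or jabberd2 setting.

```python
import xml.etree.ElementTree as ET

TLS_NS = "urn:ietf:params:xml:ns:xmpp-tls"
STREAM_NS = "http://etherx.jabber.org/streams"
STARTTLS_REQUEST = "<starttls xmlns='%s'/>" % TLS_NS  # what the client sends

# Constructed server messages (not captured from a real jabberd2).
SERVER_FEATURES_PLAIN = (
    "<stream:features xmlns:stream='%s'>"
    "<starttls xmlns='%s'><required/></starttls></stream:features>" % (STREAM_NS, TLS_NS))
SERVER_PROCEED = "<proceed xmlns='%s'/>" % TLS_NS
SERVER_FAILURE = "<failure xmlns='%s'/>" % TLS_NS
SERVER_FEATURES_TLS = (  # features re-sent on the new stream after the handshake
    "<stream:features xmlns:stream='%s'><mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>"
    "<mechanism>PLAIN</mechanism></mechanisms></stream:features>" % STREAM_NS)


def starttls_feature(features_xml):
    """Inspect <stream:features/>: is STARTTLS offered, and is it marked <required/>?"""
    node = ET.fromstring(features_xml).find("{%s}starttls" % TLS_NS)
    if node is None:
        return False, False
    return True, node.find("{%s}required" % TLS_NS) is not None


def client_action(features_xml, tls_active, client_requires_tls=True):
    """Decide the client's next step from the features it just received.
    The RFC's SHOULD is enforced as client policy: no SASL before TLS."""
    if tls_active:
        return "sasl"        # stream already encrypted, credentials may flow
    offered, _required = starttls_feature(features_xml)
    if offered:
        return "starttls"    # upgrade this very connection, no separate SSL port needed
    return "abort" if client_requires_tls else "sasl"


def tls_response_ok(reply_xml):
    """Server answers <proceed/> (start the TLS handshake) or <failure/> (stream closes)."""
    return ET.fromstring(reply_xml).tag == "{%s}proceed" % TLS_NS


def negotiate(features_before, tls_reply, features_after, client_requires_tls=True):
    """Walk the whole exchange and return the client's action log."""
    log = [client_action(features_before, False, client_requires_tls)]
    if log[-1] != "starttls":
        return log
    if not tls_response_ok(tls_reply):
        return log + ["abort"]
    # A real client wraps the socket with TLS here and opens a fresh <stream:stream>.
    log.append("tls-handshake")
    log.append(client_action(features_after, True, client_requires_tls))
    return log
```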
