SSL (was Re: [JDEV] new RFC draft)

Peter Saint-Andre stpeter at jabber.org
Mon Feb 4 09:54:49 CST 2002 

Dizzy has been planning to add SSL support to the Server Connection
Manager he built on top of JECL, however he's been awfully busy so I think
he hasn't gotten to it yet (he'd need to build SSL support into the
underlying libraries and that's not exactly straightforward).

Peter

--
Peter Saint-Andre
email+jabber: stpeter at jabber.org
web: http://www.saint-andre.com/

On Mon, 4 Feb 2002, Chris Pile wrote:

> I have compiled jabber with SSL support and can successfully
> listen/connect on the SSL/non-SSL client ports (5223/5222), but it
> doesn't listen on the SSL s2s port (5270).  You can see the server
> listening on the standard/non-SSL s2s port 5269.
> 
> $ netstat -an | grep 52
> tcp4       0      0  192.168.1.10.5269    *.*                    LISTEN
> tcp4       0      0  192.168.1.10.5223    *.*                    LISTEN
> tcp4       0      0  192.168.1.10.5222    *.*                    LISTEN
> 
> Just had a quick look through the code (in particular dialback.c) and it
> doesn't look like SSL s2s has been implemented.  As you said Peter, the
> RFC is just protocol, it doesn't describe how the server is implemented.
> 
> Shame though SSL s2s would be very nice, especially for a large internal
> messaging system spread accross different locations/servers.  I have
> heard of ppl connecting jabber servers using IPsec/VPNs but if s2s could
> use SSL, there would be no need for a VPN.
> 
> Looking at client.c and dialback.c I shouldn't imagine it is difficult
> to use SSL for s2s, but then I could be totally wrong.  Temas, any
> ideas?
> 
> 
> Thanks,
> Chris.
> 
> 
> Peter Saint-Andre wrote:
> > 
> > > I tried the following but port 5270 isn't listening.  Also I have
> > > successfully compiled SSL support and I'm using this for clients.  I'm
> > > using the CVS version of jabber2, checked out on Jan 17th.
> > 
> > Well we must keep in mind that the RFC is just protocol for the
> > standards-inclined. Everything but protocol is just an implementation
> > detail. :)
> > 
> > But yes you can run the 1.4 series server with SSL, but you need to
> > compile the server with the SSL libraries and so on. I haven't done that
> > myself so I can't tell you how to do it, though.
> > 
> > Peter
> > 
> > _______________________________________________
> > jdev mailing list
> > jdev at jabber.org
> > http://mailman.jabber.org/listinfo/jdev
> _______________________________________________
> jdev mailing list
> jdev at jabber.org
> http://mailman.jabber.org/listinfo/jdev
>

More information about the JDev mailing list