SSL (was Re: [JDEV] new RFC draft)

Thomas Muldowney temas at box5.net
Mon Feb 4 12:59:33 CST 2002


Correct, I never put s2s SSL in for the reason that it adds all kinds of
false senses of security.  In a controlled single environment setup it would
work great, and really shouldn't be hard to enable (maybe I can sneak it
into 1.4.2), but otherwise I just don't like it.  There are ways that it can
help, but it has to be in combination with an end point to end point
encryption still, otherwise the message could potentially be viewed.


--temas


----- Original Message -----
From: "Chris Pile" <cpile at snoogans.co.uk>
To: <jdev at jabber.org>
Sent: Monday, February 04, 2002 7:14 AM
Subject: Re: SSL (was Re: [JDEV] new RFC draft)


> I have compiled jabber with SSL support and can successfully
> listen/connect on the SSL/non-SSL client ports (5223/5222), but it
> doesn't listen on the SSL s2s port (5270).  You can see the server
> listening on the standard/non-SSL s2s port 5269.
>
> $ netstat -an | grep 52
> tcp4       0      0  192.168.1.10.5269    *.*                    LISTEN
> tcp4       0      0  192.168.1.10.5223    *.*                    LISTEN
> tcp4       0      0  192.168.1.10.5222    *.*                    LISTEN
>
> Just had a quick look through the code (in particular dialback.c) and it
> doesn't look like SSL s2s has been implemented.  As you said Peter, the
> RFC is just protocol, it doesn't describe how the server is implemented.
>
> Shame though, SSL s2s would be very nice, especially for a large internal
> messaging system spread across different locations/servers.  I have
> heard of ppl connecting jabber servers using IPsec/VPNs but if s2s could
> use SSL, there would be no need for a VPN.
>
> Looking at client.c and dialback.c I shouldn't imagine it is difficult
> to use SSL for s2s, but then I could be totally wrong.  Temas, any
> ideas?
>
>
> Thanks,
> Chris.
>
>
> Peter Saint-Andre wrote:
> >
> > > I tried the following but port 5270 isn't listening.  Also I have
> > > successfully compiled SSL support and I'm using this for clients.  I'm
> > > using the CVS version of jabber2, checked out on Jan 17th.
> >
> > Well we must keep in mind that the RFC is just protocol for the
> > standards-inclined. Everything but protocol is just an implementation
> > detail. :)
> >
> > But yes you can run the 1.4 series server with SSL, but you need to
> > compile the server with the SSL libraries and so on. I haven't done that
> > myself so I can't tell you how to do it, though.
> >
> > Peter
> >
> > _______________________________________________
> > jdev mailing list
> > jdev at jabber.org
> > http://mailman.jabber.org/listinfo/jdev