[jdev] TLS and SASL procedure
JD Conley
jd.conley at coversant.net
Thu Aug 18 12:01:23 CDT 2005
> In my previous post, I want to ask if I should let my codes do some
> checking after TLS negotiation and before SASL negotiation. Now my
> codes start SASL immediately after a successful TLS negotiation and
> this is what I understand from the XMPP spec.
You can't really assume that the client will do SASL after successful
TLS negotiation. They might negotiate compression, ACK, registration,
non-sasl auth, dialback, or some other stream feature.
In all the implementations I've seen this is allowed and SASL is not
necessarily even required on an XMPP stream.
-JD Conley
More information about the JDev
mailing list