[jdev] Opening stream element when TLS is not enabled
Ralph Giles
giles at onlinegamegroup.com
Tue Aug 30 01:37:29 CDT 2005
On Tue, Aug 30, 2005 at 08:33:19AM +0200, Jacek Konieczny wrote:
> That seems like an error in the specification. StartTLS is required for
> implementation, but may be disabled and <stream:features/> element is exactly
> for this -- showing which features are available and enabled and which are not.
My take on this was that it was broken-as-designed. That is, the intent
was that one could not offer TLS and still be spec compliant. It's a
goad to try an overcome the historical reluctance to implement proper
encryption for protocols.
> > Is there a way to say "Hey, I do
> > support TLS but it is NOT enabled at the moment"?
>
> I guess, omitting <starttls/> in the feature list is still the only way
> to do that.
That would be the logical approach. As written, though, the spec allows
clients to break if you do.
-r
More information about the JDev
mailing list