[jdev] tsl negotiation over. Then what ?
Peter Saint-Andre
stpeter at jabber.org
Fri Mar 17 14:57:37 CST 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Adrian Adrian wrote:
> Hello,
> I'm totally new with the xmpp protocol so this questions may seem too
> easy if not plain stupid.
> I want to comunicate with the the im (wildfire) server through TLS.So I
> do what the docs tell me to do :
> I send this command :
> <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
> And server responds with :
> <proceed xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
> Now, if I read the docs correctly, I have to start a new stream and
> begin SASL negotiation. Is this correct ?
> If so, more questions will follow :) The digest-md5 is really making my
> head spin.
> Isn't there an easier way to establish a secure connection ? (without
> receiving challenges and stuff)
Depends on what you mean by secure. :-)
There is an older, nearly-deprecated method for authentication between
clients and servers:
http://www.jabber.org/jeps/jep-0078.html
In the old days clients could connect on a separate SSL-enabled port
(usually 5223, though that was never codified).
But with RFC 3920, it is preferred to upgrade to TLS on port 5222 and
then use SASL for authentication.
Are you writing your own library? Why not use one of the existing code
libraries that already does TLS+SASL?
Peter
- --
Peter Saint-Andre
Jabber Software Foundation
http://www.jabber.org/people/stpeter.shtml
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFEGyLANF1RSzyt3NURAh6NAKDL/MysQyIZMTzojaZQdBI1m3kL/ACgvRbz
45Y3Jk8Co9PM7AJ5QfZEnF4=
=Y+/I
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3641 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://www.jabber.org/jdev/attachments/20060317/cd4271de/attachment-0002.bin>
More information about the JDev
mailing list