[jdev] TLS version clarification for RFC 3920
Peter Saint-Andre
stpeter at stpeter.im
Tue Oct 14 15:48:13 CDT 2008
Norman Rasmussen wrote:
> Does RFC 3920 (bis?) specify what SSL/TLS versions should be supported?
No, it does not. We simply refer to the TLS spec and let people draw
their own conclusions. Versioning in TLS is somewhat outside the scope
of XMPP.
> As far as I understand the versions are:
>
> SSLv2 = 2.?
> SSLv3 = 3.0
> TLSv1 = 3.1 (as per RFC 2246)
And TLS 1.1 is defined in RFC 4346:
http://tools.ietf.org/html/rfc4346
> I would assume that most servers should support SSLv3 and TLSv1?
I would assume that, yes.
> It seems that Openfire 3.6.0a doesn't support TLSv1, only SSLv3.
> Jabberd2 2.2.x only supports TLSv1, and not
> SSLv3: http://jabberd2.xiaoka.com/ticket/256#comment:3
Well, that's unfortunate. Typically, implementations support older
versions for the sake of backwards-compatibility.
Do you know what SSL/TLS software each of those uses? I remember seeing
something on the jabberd2 list recently about pulling out Cyrus SASL,
but I don't know what SSL/TLS software it uses, nor what version of that
software.
Peter
--
Peter Saint-Andre
https://stpeter.im/
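Added example, not part of the original message: a small Python parser that reads the version bytes discussed in the thread (3.0 = SSLv3, 3.1 = TLSv1, 3.2 = TLS 1.1 per RFC 4346) out of a server's first reply record. This is how one can confirm from a packet capture what a server such as Openfire or jabberd2 actually negotiated. The function names and the sample byte strings are constructed for illustration; SSLv2 uses a different record framing and is not handled.

```python
import struct

# (major, minor) wire values from the thread; 3.2 is TLS 1.1 (RFC 4346).
WIRE_VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1.0", (3, 2): "TLSv1.1"}
HANDSHAKE, ALERT, SERVER_HELLO = 22, 21, 2


def version_name(major, minor):
    return WIRE_VERSIONS.get((major, minor), f"unknown ({major}.{minor})")


def parse_server_reply(data):
    """Parse the first record of a server's reply to a ClientHello."""
    if len(data) < 5:
        raise ValueError("truncated record header")
    ctype, rmaj, rmin, rlen = struct.unpack("!BBBH", data[:5])
    body = data[5:5 + rlen]
    if len(body) < rlen:
        raise ValueError("truncated record body")
    result = {"record": version_name(rmaj, rmin), "negotiated": None, "alert": None}
    if ctype == ALERT and rlen == 2:
        # The server refused the handshake, e.g. no common protocol version.
        result["alert"] = (body[0], body[1])  # (level, description)
    elif ctype == HANDSHAKE and rlen >= 6 and body[0] == SERVER_HELLO:
        # body[1:4] is the 24-bit handshake length; server_version follows it.
        result["negotiated"] = version_name(body[4], body[5])
    else:
        raise ValueError(f"unexpected record: type {ctype}")
    return result


def build_server_hello(major, minor):
    """Constructed sample: minimal ServerHello with an all-zero random."""
    # version, 32-byte random, empty session id, cipher suite 0x002f, null compression
    hello = bytes([major, minor]) + bytes(32) + b"\x00" + b"\x00\x2f" + b"\x00"
    handshake = bytes([SERVER_HELLO]) + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BBBH", HANDSHAKE, major, minor, len(handshake)) + handshake


# Constructed sample: fatal (2) handshake_failure (40) alert in an SSLv3 record.
SAMPLE_ALERT = bytes([ALERT, 3, 0, 0, 2, 2, 40])

if __name__ == "__main__":
    for major, minor in [(3, 0), (3, 1), (3, 2)]:
        print(parse_server_reply(build_server_hello(major, minor)))
    print(parse_server_reply(SAMPLE_ALERT))
```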