TLS encryption not handled if required by server #1

Open
hocken opened this issue Jun 21, 2011 · 0 comments

hocken commented Jun 21, 2011

TLS encryption is not handled by the gateway when the starttls feature is required by the XMPP server.

In order to communicate with servers that require encryption, the gateway should buffer the server's response that includes the initial opening stream tag and the first feature list. If

<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'><required/></starttls>

is included in the feature list, the gateway must

  1. perform the TLS handshake,
  2. upgrade the socket, and
  3. re-open the stream.

Then the first feature list with the starttls feature must be dropped and the lately received feature list with the entry requiring SASL authentication must be forwarded to the client. Of course, in that case the wss:// scheme should be used to provide encryption between client and gateway as well.

@ghost ghost assigned hocken Jun 21, 2011
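
The behaviour requested in this issue, as an added Python example that is not the gateway's own code: it classifies the buffered stream header plus first feature list, drops a feature list that requires starttls, and forwards only the list received after the upgrade. The names `starttls_policy`, `upgrade` and `Relay`, the action labels and the sample stream data are assumptions made for the illustration.

```python
import ssl
import xml.etree.ElementTree as ET

TLS_NS = "urn:ietf:params:xml:ns:xmpp-tls"
STREAMS_NS = "http://etherx.jabber.org/streams"
STARTTLS = f"<starttls xmlns='{TLS_NS}'/>"

def starttls_policy(buffered):
    """Classify the buffered stream header + first feature list:
    'required', 'offered' or 'absent'."""
    # The stream is still open, so close it artificially to get a parseable document.
    root = ET.fromstring(buffered + "</stream:stream>")
    features = root.find(f"{{{STREAMS_NS}}}features")
    if features is None:
        raise ValueError("no feature list buffered yet")
    starttls = features.find(f"{{{TLS_NS}}}starttls")
    if starttls is None:
        return "absent"
    return "required" if starttls.find(f"{{{TLS_NS}}}required") is not None else "offered"

def upgrade(sock, domain):
    """Steps 1 and 2: TLS handshake on the existing TCP socket, with
    certificate and host name verification against the XMPP domain."""
    return ssl.create_default_context().wrap_socket(sock, server_hostname=domain)

class Relay:
    """Tracks what the gateway does with each feature list from the server."""
    def __init__(self):
        self.secured = False

    def on_features(self, buffered):
        if not self.secured and starttls_policy(buffered) == "required":
            return ("send_to_server", STARTTLS)  # this feature list is dropped, not forwarded
        return ("forward_to_client", buffered)

    def on_proceed(self):
        # Caller has run upgrade() and re-sent the stream header (step 3).
        self.secured = True

# Constructed sample traffic (not captured from a real server).
HEADER = ("<?xml version='1.0'?><stream:stream xmlns='jabber:client' "
          f"xmlns:stream='{STREAMS_NS}' from='example.org' id='c1' version='1.0'>")
PLAIN = HEADER + (f"<stream:features><starttls xmlns='{TLS_NS}'><required/></starttls>"
                  "</stream:features>")
SECURE = HEADER + ("<stream:features><mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>"
                   "<mechanism>PLAIN</mechanism></mechanisms></stream:features>")
```

Dropping the pre-TLS feature list matches RFC 6120, which requires the initiating entity to discard anything learned about the server before TLS took effect.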