On Monday, November 04 2013, Justin T. Pryzby wrote: > If you mean in C2S: <id require-starttls='1'>. > > You can also set <ssl-port>5223</ssl-port>, which will naturally > reject anything that's not valid SSL (different from xmpp+starttls).
Also, if you want to allow *only* encrypted connections between server-to-server, you will want to look at your s2s.xml, and uncomment <require_tls/>: <security> <!-- Require TLS secured S2S connections --> <!-- <require_tls/> --> Don't forget to uncomment the <pemfile>...<pemfile/> tags as well. -- Sergio