Correct, I never put s2s SSL in for the reason that it adds all kinds of false senses of security. In a controlled single environment setup it would work great, and really shouldn't be hard to enable (maybe I can sneak it into 1.4.2), but otherwise I just don't like it. There are ways that it can help, but it has to be in combination with an end point to end point encryption still, otherwise the message could potentially be viewed.

--temas

----- Original Message -----
From: "Chris Pile" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, February 04, 2002 7:14 AM
Subject: Re: SSL (was Re: [JDEV] new RFC draft)

> I have compiled jabber with SSL support and can successfully
> listen/connect on the SSL/non-SSL client ports (5223/5222), but it
> doesn't listen on the SSL s2s port (5270). You can see the server
> listening on the standard/non-SSL s2s port 5269.
>
> $ netstat -an | grep 52
> tcp4 0 0 192.168.1.10.5269 *.* LISTEN
> tcp4 0 0 192.168.1.10.5223 *.* LISTEN
> tcp4 0 0 192.168.1.10.5222 *.* LISTEN
>
> Just had a quick look through the code (in particular dialback.c) and it
> doesn't look like SSL s2s has been implemented. As you said Peter, the
> RFC is just protocol, it doesn't describe how the server is implemented.
>
> Shame though SSL s2s would be very nice, especially for a large internal
> messaging system spread across different locations/servers. I have
> heard of ppl connecting jabber servers using IPsec/VPNs but if s2s could
> use SSL, there would be no need for a VPN.
>
> Looking at client.c and dialback.c I shouldn't imagine it is difficult
> to use SSL for s2s, but then I could be totally wrong. Temas, any
> ideas?
>
>
> Thanks,
> Chris.
>
>
> Peter Saint-Andre wrote:
> >
> > > I tried the following but port 5270 isn't listening. Also I have
> > > successfully compiled SSL support and I'm using this for clients. I'm
> > > using the CVS version of jabber2, checked out on Jan 17th.
> >
> > Well we must keep in mind that the RFC is just protocol for the
> > standards-inclined. Everything but protocol is just an implementation
> > detail. :)
> >
> > But yes you can run the 1.4 series server with SSL, but you need to
> > compile the server with the SSL libraries and so on. I haven't done that
> > myself so I can't tell you how to do it, though.
> >
> > Peter
> >
> > _______________________________________________
> > jdev mailing list
> > [EMAIL PROTECTED]
> > http://mailman.jabber.org/listinfo/jdev
