On 4/17/06, Adrian Adrian <[EMAIL PROTECTED]> wrote:
> Hey,
>
> I used a packet sniffer as you suggested and sadly I was able to see all
> packets, including the ones that came after the server said "proceed".
> I then used a commercial im client and tried to sniff, and this one
> worked as expected. Everything after "proceed" was encrypted.
>
> I don't get it. I wonder if this could be a platform issue (my application
> is based on flash player 8 so that's actionscript virtual machine) or if I
> misunderstood the tls plain authentication in the first place.
>
> Here's my full communication:
>
> Client:
> <?xml version="1.0"?><flash:stream to="myserver" xmlns="jabber:client"
> xmlns:flash="http://www.jabber.com/streams/flash"
> version="1.0">
>
> Server:
> <?xml version='1.0' encoding='UTF-8'?><flash:stream
> xmlns:flash="http://www.jabber.com/streams/flash"
> xmlns:stream="http://etherx.jabber.org/streams"
> xmlns="jabber:client" from="myserver" id="77241f23" xml:lang="en"
> version="1.0"><stream:features><starttls
> xmlns="urn:ietf:params:xml:ns:xmpp-tls"></starttls><mechanisms
> xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>CRAM-MD5</mechanism><mechanism>DIGEST-MD5</mechanism><mechanism>PLAIN</mechanism><mechanism>ANONYMOUS</mechanism></mechanisms><auth
> xmlns="http://jabber.org/features/iq-auth"/><register
> xmlns="http://jabber.org/features/iq-register"/></stream:features>
>
> Client
> <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
>
> Server
> <proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>
>
> Client
> <?xml version="1.0"?><flash:stream to="myserver" xmlns="jabber:client"
> xmlns:flash="http://www.jabber.com/streams/flash"
> version="1.0">
>
> Server
> <?xml version='1.0' encoding='UTF-8'?><flash:stream
> xmlns:flash="http://www.jabber.com/streams/flash"
> xmlns:stream="http://etherx.jabber.org/streams"
> xmlns="jabber:client" from="myserver" id="77241f23" xml:lang="en"
> version="1.0"><stream:features><starttls
> xmlns="urn:ietf:params:xml:ns:xmpp-tls"></starttls><mechanisms
> xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>CRAM-MD5</mechanism><mechanism>DIGEST-MD5</mechanism><mechanism>PLAIN</mechanism><mechanism>ANONYMOUS</mechanism></mechanisms><auth
> xmlns="http://jabber.org/features/iq-auth"/><register
> xmlns="http://jabber.org/features/iq-register"/></stream:features>
<snip/>

You can see above that on opening the new stream, the server is still advertising <starttls/>. This means that the TLS negotiation did not take place at all. What you need to do at this step is to actually initiate the TLS/SSL negotiation. I dunno if that's possible with ActionScript.

Regards,
Vinod.
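A worked version of the step Vinod describes, added here as an example and not code from either poster: a minimal Python client that sends <starttls/>, waits for <proceed/>, runs the TLS handshake on the same socket, restarts the stream, and then checks that the restarted stream no longer advertises <starttls/>. The standard <stream:stream> header (rather than the Flash-specific <flash:stream> used in the quoted exchange), the SocketTransport and FakeServerTransport classes and the negotiate_starttls function are my own assumptions; the in-memory server is constructed from the quoted exchange so the check runs offline, and do_handshake=False reproduces the symptom Adrian saw.

```python
import socket
import ssl

TLS_NS = "urn:ietf:params:xml:ns:xmpp-tls"


def stream_header(domain):
    # Assumption: the standard <stream:stream> header; the quoted exchange
    # uses the Flash-specific <flash:stream> variant instead.
    return ('<?xml version="1.0"?><stream:stream to="%s" xmlns="jabber:client" '
            'xmlns:stream="http://etherx.jabber.org/streams" version="1.0">' % domain)


class SocketTransport:
    """Real transport: a TCP socket that is upgraded to TLS in place."""

    def __init__(self, host, port=5222):
        self.host = host
        self.sock = socket.create_connection((host, port))

    def send(self, text):
        self.sock.sendall(text.encode("utf-8"))

    def recv_until(self, marker):
        buf = b""
        while marker.encode("utf-8") not in buf:
            chunk = self.sock.recv(4096)
            if not chunk:
                raise ConnectionError("server closed the connection")
            buf += chunk
        return buf.decode("utf-8")

    def start_tls(self):
        # The step missing from the quoted client: after <proceed/> the TLS
        # handshake runs on the same socket, with certificate and hostname
        # verification enabled by create_default_context().
        ctx = ssl.create_default_context()
        self.sock = ctx.wrap_socket(self.sock, server_hostname=self.host)


class FakeServerTransport:
    """Constructed in-memory server scripted from the quoted exchange: it
    keeps advertising <starttls/> until start_tls() has been called."""

    def __init__(self):
        self.tls_started = False
        self.pending = ""

    def send(self, text):
        if "<stream:stream" in text:
            tls = "" if self.tls_started else '<starttls xmlns="%s"/>' % TLS_NS
            self.pending = ('<stream:stream from="myserver" version="1.0">'
                            '<stream:features>%s<mechanisms '
                            'xmlns="urn:ietf:params:xml:ns:xmpp-sasl">'
                            '<mechanism>PLAIN</mechanism></mechanisms>'
                            '</stream:features>' % tls)
        elif "<starttls" in text:
            self.pending = '<proceed xmlns="%s"/>' % TLS_NS

    def recv_until(self, marker):
        out, self.pending = self.pending, ""
        if marker not in out:
            raise ConnectionError("fake server has no %r to deliver" % marker)
        return out

    def start_tls(self):
        self.tls_started = True


def negotiate_starttls(transport, domain, do_handshake=True):
    """Drive the STARTTLS exchange and return the features offered after the
    stream restart. do_handshake=False reproduces the thread's symptom."""
    transport.send(stream_header(domain))
    features = transport.recv_until("</stream:features>")
    if TLS_NS not in features:
        raise RuntimeError("server does not offer STARTTLS")
    transport.send("<starttls xmlns='%s'/>" % TLS_NS)
    reply = transport.recv_until("/>")
    if "<proceed" not in reply:
        raise RuntimeError("server did not proceed: %s" % reply)
    if do_handshake:
        transport.start_tls()
    # Stream restart: a fresh header, now inside TLS if the handshake ran.
    transport.send(stream_header(domain))
    features = transport.recv_until("</stream:features>")
    if "<starttls" in features:
        raise RuntimeError("server still advertises <starttls/>: the TLS "
                           "handshake never ran and the stream is plaintext")
    return features


if __name__ == "__main__":
    print(negotiate_starttls(FakeServerTransport(), "myserver"))
```

Against a live server, SocketTransport(host) replaces FakeServerTransport(); the final check is the same one Vinod applied by eye to the captured stream, and it is worth keeping in production code, because a client that forgets the handshake still sees a "successful" <proceed/> and carries on sending credentials in the clear.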
