Fellow researchers,

XMPP's XML streams are secured using TLS (see RFC 3920 4.3).
The basic protocol handshake to get there is divided into three stages.
1. plain XML handshake ("opening stanza exchange")
2. TLS protocol handshake
3. TLS-based XML handshake (repetition of 1., but encrypted)

All this must be done on the same InputStream/OutputStream pair.
No new communication channel is opened for TLS; the plain initiating
channel is reused and transitioned to TLS.

The JDK has built-in support for TLS through javax.net.ssl.SSLServerSocket,
but there is no easy way (AFAIK) to have a. AND b. where
a. = TLS on any kind of InputStream
b. = an existing plain InputStream to switch to TLS

a. is important to me because the protocol should be able to run without
going over sockets, for testing and abstraction purposes.

I was looking into the Bouncy Castle libraries [1], and it seems there is a
chance it could be done with org.bouncycastle.crypto.tls.RecordStream
(maybe by concatenating InputStreams using java.io.PipedInputStream), but
before starting, I'd love to hear everyone else's input.

(In the Vysper source code there is a very skeletal unit test for this.)

Thanks,

  Bernd
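
An added example, not part of the original message or of the Vysper code base: the JDK's javax.net.ssl.SSLEngine performs TLS on byte buffers rather than sockets, so the bytes it produces can follow the plain XML on the same stream. The sketch covers only the client's first handshake record; the class name, host name and stanzas are constructed for illustration, and completing the handshake requires a peer engine configured with a key and certificate, with received bytes passed to unwrap().

```java
import java.io.ByteArrayOutputStream;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;

public class StartTlsOverStreams {

    // Writes the engine's next outbound handshake record to the stream
    // and returns the number of bytes written.
    static int pumpOutbound(SSLEngine engine, ByteArrayOutputStream wire) throws Exception {
        ByteBuffer net = ByteBuffer.allocate(engine.getSession().getPacketBufferSize());
        SSLEngineResult result = engine.wrap(ByteBuffer.allocate(0), net);
        if (result.getStatus() != SSLEngineResult.Status.OK) {
            throw new IllegalStateException("wrap failed: " + result.getStatus());
        }
        net.flip();
        wire.write(net.array(), 0, net.limit());
        return net.limit();
    }

    public static void main(String[] args) throws Exception {
        // Stand-in for the transport: a plain in-memory stream, no socket involved.
        ByteArrayOutputStream wire = new ByteArrayOutputStream();

        // Stage 1: plain XML (constructed stanzas; the host name is a placeholder).
        wire.write(("<stream:stream to='example.org' version='1.0'>"
                + "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>")
                .getBytes(StandardCharsets.UTF_8));
        int plainLength = wire.size();

        // Stage 2: once the peer has answered <proceed/>, TLS records follow on
        // the same stream. The engine only transforms buffers; the host and port
        // passed here are hints for session reuse and SNI, not a connection.
        SSLEngine engine = SSLContext.getDefault().createSSLEngine("example.org", 5222);
        engine.setUseClientMode(true);
        engine.beginHandshake();
        int produced = pumpOutbound(engine, wire);

        byte[] all = wire.toByteArray();
        System.out.println("plain bytes: " + plainLength + ", TLS bytes: " + produced);
        System.out.println("first TLS byte (record content type): " + all[plainLength]);
        System.out.println("engine now waits for: " + engine.getHandshakeStatus());
    }
}
```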