Hi Norman,
You can try connect to our server (uct.ac.za) which has those setting
(tls optional + allow self signed dialback). We also get a secure
connection with jabber.org & have a thawte cert....
D
Norman Rasmussen wrote:
On Tue, Oct 14, 2008 at 1:22 PM, lzby
<[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>> wrote:
I am the admin of the jabber.co.za <http://jabber.co.za> server.
We are using Openfire 3.6.0a
currently.
Hi lzby, and thanks for the reply,
On my security settings page for server to server, I have the
following
option selected:
Optional - Connections between servers may use secured
connections.
As opposed to:
Required - Connections between servers always use secured
connections.
which is not selected.
sounds good.
Also, there is a tickbox that I can select (not selected at the
moment):
Accept self-signed certificates. Server dialback over TLS is now
available.
My cert is signed by jabber.org <http://jabber.org>'s StartCom CA.
And I'm sure my testing with openssl hasn't been sending a cert at all.
- Maybe try enabling the option and I can recheck to see if there's a
difference?
With all my testing with openssl, jabber.co.za <http://jabber.co.za>
is the only server that it fails to connect to. (and the openssl
command line client is _very_ liberal with what it accepts by default)
If I look at the list of current server to server connections, I
have a
list of 32 connections, two of which are using encryption
(rivera.za.net <http://rivera.za.net>
and jabber.org <http://jabber.org>).
I have (amongst others), encrypted connections to: jabber.org
<http://jabber.org>, jabber.ru <http://jabber.ru>, and rivera.za.net
<http://rivera.za.net>. Can you tell if both directions are encrypted?
I am not sure how I can be of assistance to you, but please let me
know
if I can help in any way.
Being able to get hold of you is a great way to be of assistance :-)
--
- Norman Rasmussen
- Email: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
- Home page: http://norman.rasmussen.co.za/
