> From: [email protected] [mailto:[email protected]] On Behalf Of Björn Kempén
> Sent: Friday, 11 January 2013 13:14
> To: Mathias Ertl
> Cc: XMPP Operators Group
> Subject: Re: [Operators] Gmail federation
>
> We do not currently support TLS on our s2s connections, so that's currently not expected to work.

Hello all,

The lack of support for TLS on the gmail.com side (which to be frank, is surprising, to say the least) is giving a lot of headaches, especially for admins who wish to enforce secure S2S comms.

I was trying to overcome that problem by "tunneling" connections towards gmail.com via stunnel[1], so that outgoing connections would "look" secured to my XMPP server. However, I gave up when I realized that there's no way to make this work the other way around (as incoming connections would still be unsecured and thus rejected).

Bjorn, considering internal confidentiality policies and all that jazz, could you please at least tell us what's holding Google back from enabling TLS on the gmail.com S2S interface? We know that it works for c2s connections, so I find it hard to understand the lack on s2s connections.

[1] https://www.stunnel.org/index.html

Best regards,
Claudiu
