[ejabberd] ssl, tls, starttls, starttls_required

Yu-Shun Wang wang.yushun at gmail.com
Sun Mar 11 05:34:09 MSK 2007


(Context: server 1.1.2 on FreeBSD 6.2 in jail)

Sorry if this has been asked before. Can someone
clarify how these options are used in terms of c2s?

Here's what I figured:

o All require "certfile"
o ssl: old SSL connection ("Force old SSL" in GAIM)
o starttls: new(er) STARTTLS ("Use TLS if available" in GAIM)
o starttls_required: used together with starttls to reject
   non-(start)tls connections to the server
o tls: not sure. From the guide: "... specifies that traffic
   on the port will be encrypted using SSL immediately after
   connecting" Sounds the same as ssl above.

So a couple of questions & clarifications:

- What's the difference between tls and ssl (as in ejabberd
- What's the difference between tls and starttls?
- Does it work (or even make sense) to use ssl, tls, and/or
   starttls in a single c2s line?
- Or another way of asking: what are the valid combinations
   of ssl, tls, starttls, and starttls_required in a single
   c2s line?

(RTFM is fine, but please give me slightly more detailed
  pointers to where.)

I was testing tls/starttls, but Gaim (1.5) on Windows keeps
crashing when using "Use TLS if available". Any other
clients w/ good tls/starttls support?
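For readers trying to place these options in context, the fragment below is an added illustration, not part of the post above and not an answer from the ejabberd project: it reproduces the two-listener layout used by the stock ejabberd.cfg of the 1.1.x era as I recall it, with STARTTLS on the standard client port 5222 and immediate TLS on the legacy 5223 port, each with its own `certfile`. The certificate path, the `access`/`shaper` rules and the `starttls_required` variant are placeholders/assumptions, and it does not settle which other combinations ejabberd accepts.

```erlang
%% Added example of a 1.1.x-style listen section (Erlang term config).
%% Assumed layout: one listener per transport mode, never ssl/tls and
%% starttls mixed on the same line. The certificate path is a placeholder.
{listen,
 [
  %% 5222: plain XMPP stream that may be upgraded with STARTTLS.
  %% Add `starttls_required` (instead of `starttls`) to reject clients
  %% that do not upgrade before authenticating.
  {5222, ejabberd_c2s, [{access, c2s},
                        {shaper, c2s_shaper},
                        starttls,
                        {certfile, "/path/to/ssl.pem"}]},

  %% 5223: legacy "old SSL" port, encrypted immediately on connect
  %% (what GAIM calls "Force old SSL").
  {5223, ejabberd_c2s, [{access, c2s},
                        tls,
                        {certfile, "/path/to/ssl.pem"}]}
 ]}.
```

Note that a listener with `tls`/`ssl` encrypts from the first byte, so a client configured for STARTTLS will fail against it and vice versa; keeping the two modes on separate ports is what lets both kinds of client connect.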
