STARTTLS in XMPP?


Peter Saint-Andre

Feb 16, 2010, 4:54:15 PM
to miranda-i...@googlegroups.com
It's unclear to me whether Miranda supports the upgrade of port 5222 to
encrypted using the XMPP STARTTLS command in accordance with RFC 3920
(see bug #152). At the jabber.org IM service we recently turned off
support for the legacy SSL-only port 5223 and Miranda users have been
unable to connect securely since then according to user reports, but I
want to make sure I'm not missing anything they could fix in their
preferences. If necessary we will re-enable port 5223 to make Miranda
(and other) users happy. :)

Thanks!

Peter

--
Peter Saint-Andre
https://stpeter.im/

Boris Krasnovskiy

Feb 16, 2010, 6:38:38 PM
to miranda-i...@googlegroups.com
>It's unclear to me whether Miranda supports the upgrade of port 5222 to encrypted using the XMPP STARTTLS command in accordance with RFC 3920

Yes, Miranda does support STARTTLS (set port to 5222 and check TLS checkbox in options).

> At the jabber.org IM service we recently turned off support for the legacy SSL-only port 5223

And that was a very dumb move, the way I see it.

As "Legacy SSL" on port 443 is the only sure way to connect to a Jabber server from behind a corporate firewall. As all ports are blocked, the connection has to be made through a proxy, and the HTTPS proxy checks for SSL headers before allowing the connection to go through, so STARTTLS will never work.
 
Thank you,
Boris Krasnovskiy
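
Added example (not part of any poster's message, and not Miranda or jabber.org code): the two connection styles discussed in this thread differ in what the client sends first. With legacy SSL the first bytes are a TLS ClientHello; with STARTTLS on port 5222 the client first sends a plaintext XMPP stream header and the ClientHello only follows the `<starttls/>` request. The sample messages are constructed, and `example.com` and the function names are assumptions.

```python
import struct

# Constructed samples (not captured traffic). The ClientHello has a
# consistent record header and handshake header; its body is zero-filled.
CLIENT_HELLO = bytes.fromhex("160301002f0100002b0301") + b"\x00" * 41
STREAM_HEADER = (b"<?xml version='1.0'?><stream:stream to='example.com' "
                 b"xmlns='jabber:client' "
                 b"xmlns:stream='http://etherx.jabber.org/streams' "
                 b"version='1.0'>")
STARTTLS_REQUEST = b"<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>"

# Client-to-server messages, in order, for each connection style.
LEGACY_SSL_FLOW = [CLIENT_HELLO]                                 # port 5223
STARTTLS_FLOW = [STREAM_HEADER, STARTTLS_REQUEST, CLIENT_HELLO]  # port 5222


def classify(data: bytes) -> str:
    """Label one client message by its leading bytes."""
    # TLS record: type 0x16 (handshake), version 0x03 0x00-0x04, 2-byte
    # length, then handshake type 0x01 (ClientHello).
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x04:
        (record_len,) = struct.unpack(">H", data[3:5])
        if data[5] == 0x01 and 0 < record_len <= 16384:
            return "tls-client-hello"
    text = data.lstrip(b" \t\r\n")
    if text.startswith((b"<?xml", b"<stream:stream")):
        return "xmpp-stream-header"
    return "other"


def first_tls_message(client_messages):
    """Index of the first client message that is a TLS ClientHello, else None."""
    for i, msg in enumerate(client_messages):
        if classify(msg) == "tls-client-hello":
            return i
    return None


if __name__ == "__main__":
    for name, flow in (("legacy SSL", LEGACY_SSL_FLOW), ("STARTTLS", STARTTLS_FLOW)):
        print(name, "opens with", classify(flow[0]),
              "- TLS begins at client message", first_tls_message(flow))
```
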

Peter Saint-Andre

Feb 16, 2010, 7:30:14 PM
to miranda-i...@googlegroups.com
On 2/16/10 4:38 PM, Boris Krasnovskiy wrote:
>> It's unclear to me whether Miranda supports the upgrade of port 5222
>> to encrypted using the XMPP STARTTLS command in accordance with RFC 3920
>
> Yes, Miranda does support STARTTLS (set port to 5222 and check TLS
> checkbox in options).

OK, thanks.

>> At the jabber.org <http://jabber.org> IM service we recently turned
>> off support for the legacy SSL-only port 5223
>
> And that was a very dumb move, the way I see it.

Thanks for your feedback. Given that port 5223 was deprecated in 2004,
it's surprising that people still feel it's necessary. But such is life.

> As "Legacy SSL" on port 443 is the only sure way to connect to a Jabber
> server from behind a corporate firewall. As all ports are blocked, the
> connection has to be made through a proxy, and the HTTPS proxy checks for
> SSL headers before allowing the connection to go through, so STARTTLS
> will never work.

Funny, it seems to work for the vast majority of people, except those
who use very old or broken XMPP clients.

Boris Krasnovskiy

Feb 16, 2010, 7:52:36 PM
to miranda-i...@googlegroups.com

> Funny, it seems to work for the vast majority of people, except those
> who use very old or broken XMPP clients.

Well, people who do what? 

People who do not have corporate jobs? (And by corporate I mean people employed by companies having 100s or 1000s of employees.)
School kids using IM at home or in school?

It's definitely for you to decide which social group you want to see as Jabber.org users.

I am just showing you the problems I and many Miranda users are facing, as questions come up all the time. Our user base is largely like that - people employed by corporations; a minimalistic client is largely appealing to them.

> Given that port 5223 was deprecated in 2004

Who cares when you change some document? IM is used to communicate. Most of my active day by far is spent at work. So if I cannot communicate from work, why do I need this IM protocol? I do not.

I would like to reiterate here: me and most of the users do not care about your standards; we care about the ability to communicate. If we cannot do that, none of it matters.

Hopefully I got my point across.

Thank you,
Boris Krasnovskiy