Security in ejabberd

Hey guys,

Can someone point me to a forum topic/thread that provides details on how security is enabled using ejabberd? I have a private server running on Windows, installed OpenSSL, created the self-signed certificate, and copied it over to ejabberd's install folder. I then made the following changes in the config file:

% Listened ports:
{listen,
 [

  %{5222, ejabberd_c2s, [{access, c2s},
  %                      {shaper, c2s_shaper}]},

  {5222, ejabberd_c2s, [{access, c2s},
                        starttls, {certfile, "./ejabberd.pem"},
                        {shaper, c2s_shaper}]},

  {5223, ejabberd_c2s, [{access, c2s},
                        tls, {certfile, "./ejabberd.pem"},
                        {shaper, c2s_shaper}]},

Is that all there is to enabling TLS? Is there anything else I need to do on the client side (sorry for the dumb question) if I am writing my own XMPP client in JavaScript?

Thanks

Bad news: you need to support it on the client

Is that all there is to enabling TLS?

Yes. Check with a STARTTLS-enabled client that it really works. Exodus and Pandion (on Windows) and Tkabber (from CVS), for example.

Is there anything else necessary to be done by me on the client-side

The client must support STARTTLS, of course. And if prompted, select to use it.

if I am writing my own XMPP client in JavaScript?

Since the client must support STARTTLS, you either code all the SSL stuff or use a library on your client. You can check how other clients solved it. JWChat is in JavaScript but uses HTTP-Poll/HTTP-Bind, so it does not use any security. The only existing Jabber development library in JavaScript is JSJaC, the one used by JWChat. Jabberzilla has STARTTLS but is coded in C++.

I haven't looked too hard, but it looks to me that there isn't an easy way to support STARTTLS on a JavaScript client. How did JWChat solve the security issue? The webserver can serve JWChat on HTTPS, port 443, and the webserver can be installed on the same machine as the Jabber server.
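
The check recommended above ("check with a STARTTLS-enabled client that it really works"), as an added example that is not part of the original thread or of ejabberd: a probe that reads the server's stream features, negotiates STARTTLS on port 5222 and completes a verified TLS handshake against the pinned self-signed certificate. It runs under Node.js, since browser JavaScript has no raw TCP sockets; the function names and the `host`, `domain` and `ca` parameters are assumptions of this example.

```javascript
// Added example, not code from the thread. Node.js standard library only.
const net = require('net');
const tls = require('tls');

const TLS_NS = 'urn:ietf:params:xml:ns:xmpp-tls';

// Read the pre-auth <stream:features/>: is STARTTLS offered, and is it mandatory?
// String matching is enough for a probe; a real client needs a streaming XML parser.
function parseFeatures(xml) {
  const m = /<starttls\b[^>]*>/.exec(xml);
  if (!m || !m[0].includes(TLS_NS)) return { offered: false, required: false };
  if (m[0].endsWith('/>')) return { offered: true, required: false };
  const body = xml.slice(m.index + m[0].length).split('</starttls>')[0];
  return { offered: true, required: /<required\s*\/>/.test(body) };
}

// Connect in clear text, negotiate STARTTLS, then do a verified TLS handshake.
// `ca` is the server's self-signed certificate in PEM form (certificate only, no key);
// `domain` must match the name in that certificate or the handshake is rejected.
function probeStartTls({ host, port = 5222, domain, ca }) {
  return new Promise((resolve, reject) => {
    const sock = net.connect(port, host);
    let buf = '', features = null;
    sock.setTimeout(10000, () => sock.destroy(new Error('timeout')));
    sock.on('error', reject);
    sock.on('connect', () => sock.write(
      `<stream:stream to='${domain}' xmlns='jabber:client' ` +
      `xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>`));
    sock.on('data', function onData(chunk) {
      buf += chunk;
      if (!features && buf.includes('</stream:features>')) {
        features = parseFeatures(buf);
        if (!features.offered) { sock.destroy(); return resolve({ ...features, tls: null }); }
        buf = '';
        sock.write(`<starttls xmlns='${TLS_NS}'/>`);
      } else if (features && buf.includes('<proceed')) {
        sock.removeListener('data', onData);
        const secure = tls.connect({ socket: sock, servername: domain, ca }, () => {
          resolve({ ...features, tls: secure.getProtocol() });
          secure.end();
        });
        secure.on('error', reject);
      }
    });
  });
}

// Constructed sample of what a server configured with plain `starttls` might send.
const SAMPLE = "<stream:features><starttls xmlns='" + TLS_NS + "'/></stream:features>";
console.log(parseFeatures(SAMPLE)); // offered but not required: clear-text logins still possible
```

A result with `required: false` means the port still accepts sessions that never upgrade to TLS, so the client has to insist on STARTTLS itself.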

To make it easier for you: JWChat.

--
sander
