Just have 2 quick TLS questions.
1) I have starttls_required set in my .cfg file. I'm guessing all communication (not just passwords) is encrypted, and the server will not accept a connection from a client that doesn't offer TLS, correct?
2) If using a video stream from the same server, is the video also completely encrypted?
Thanks,
rho
rhotech wrote:
1) I have starttls_required set in my .cfg file. I'm guessing all communication (not just passwords) is encrypted, and the server will not accept a connection from a client that doesn't offer TLS, correct?
Right. All the clients that connect to your 5222 port must set up a TLS connection, or they are disconnected. And that connection is used for all the traffic between the client and your server (authentication, roster, messages, presences, chat rooms, ...)
2) If using a video stream from the same server, is the video also completely encrypted?
That depends if the client sends the video stream over the server using its connection to port 5222, or using another connection to proxy65/STUN, or directly to his contact's client.
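One way to confirm from the client side what the answer above says about port 5222, as an added example that is not part of the original thread: read the server's pre-TLS `<stream:features/>` and check whether STARTTLS is marked mandatory. It assumes the server signals this with the `<required/>` child defined in RFC 6120; the function names and sample stanzas are constructed for illustration.

```python
import socket
import xml.etree.ElementTree as ET

NS_STREAM = "http://etherx.jabber.org/streams"
NS_TLS = "urn:ietf:params:xml:ns:xmpp-tls"
NS_SASL = "urn:ietf:params:xml:ns:xmpp-sasl"

# Constructed samples of pre-TLS feature advertisements (not captured traffic).
SAMPLE_REQUIRED = (
    f"<stream:features xmlns:stream='{NS_STREAM}'>"
    f"<starttls xmlns='{NS_TLS}'><required/></starttls></stream:features>")
SAMPLE_OPTIONAL = (
    f"<stream:features xmlns:stream='{NS_STREAM}'><starttls xmlns='{NS_TLS}'/>"
    f"<mechanisms xmlns='{NS_SASL}'><mechanism>PLAIN</mechanism></mechanisms>"
    "</stream:features>")

def starttls_policy(features_xml):
    """Classify a pre-TLS <stream:features/> element."""
    root = ET.fromstring(features_xml)
    tls = root.find(f"{{{NS_TLS}}}starttls")
    # SASL mechanisms offered before TLS mean a client could authenticate in clear.
    mechs = [m.text for m in root.iter(f"{{{NS_SASL}}}mechanism")]
    if tls is None:
        state = "not offered"
    elif tls.find(f"{{{NS_TLS}}}required") is not None:
        state = "required"
    else:
        state = "optional"
    return {"starttls": state, "pre_tls_sasl": mechs}

def fetch_features(host, domain, port=5222, timeout=10):
    """Open a plain c2s stream to your own server and return its features element."""
    header = (f"<?xml version='1.0'?><stream:stream to='{domain}' version='1.0' "
              f"xmlns='jabber:client' xmlns:stream='{NS_STREAM}'>")
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(header.encode())
        buf = b""
        while b"</stream:features>" not in buf:
            chunk = s.recv(4096)
            if not chunk:
                raise ConnectionError("stream closed before features arrived")
            buf += chunk
    text = buf.decode("utf-8", "replace")
    start = text.index("<stream:features")
    end = text.index("</stream:features>") + len("</stream:features>")
    # Re-declare the stream prefix so the fragment parses on its own.
    return text[start:end].replace(
        "<stream:features", f"<stream:features xmlns:stream='{NS_STREAM}'", 1)
```

Running `starttls_policy(fetch_features(host, domain))` against your own server shows only what it advertises; the enforcement described in the answer is the server disconnecting clients that skip TLS.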
tls
1) I have starttls_required set in my .cfg file. I'm guessing all communication (not just passwords) is encrypted, and the server will not accept a connection from a client that doesn't offer TLS, correct?
Right. All the clients that connect to your 5222 port must set up a TLS connection, or they are disconnected. And that connection is used for all the traffic between the client and your server (authentication, roster, messages, presences, chat rooms, ...)
Perfect.
2) If using a video stream from the same server, is the video also completely encrypted?
That depends if the client sends the video stream over the server using its connection to port 5222, or using another connection to proxy65/STUN, or directly to his contact's client.
How can I tell? The server is firewalled and only allows a very min. number of ports to be open. The test was using two iChat clients.
thanks a lot