until the TLS hand shake has not done, server send the data in plain text.

bilalkhan

2016-12-23, 14:56 #1

Member since Oct 2016 · 81 posts · Location: Pakistan
Group memberships: Members

Show profile ·

Link to this post

Subject: until the TLS hand shake has not done, server send the data in plain text.

wait until tls complete handshake, i have written the below code, as we know that xmpp is async, it does not wait, during tls handshake the client send username and password, server send the sasl stream, until tls handshake is not complete it sends the data through simple socket.

In short until the TLS hand shake has not done, server send the data in plain text. Solution should i wait here until isTLSAuthenticated ?? or agsxmpp provide any solution for this??

//here is my code.
if (!IsTLSAuthenticated && StartTLSSupport)
{
    SendStreamFeatures(StreamFeatures.SSL);
}
 
else if (!IsAuthenticated)
{
    SendStreamFeatures(StreamFeatures.Sasl);
}
else if (!IsBinded && IsAuthenticated)
{
    SendStreamFeatures(StreamFeatures.Bind);
}

This post was edited 2 times, last on 2016-12-28, 11:22 by Alex.

Alex

2016-12-28, 11:26 #2

Member since Feb 2003 · 4449 posts · Location: Germany
Group memberships: Administrators, Members

Show profile ·

Link to this post

The server guides the client with the offered stream features.
When you want to enforce TLS then just don't send any SASL stream features until the connection is secured with TLS. And add the required tag to your TLS stream feature.

<stream:features>
   <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'>
      <required/>
   </starttls>
</stream:features>