Not logged in. · Lost password · Register
Forum: XMPP Protocol RSS
Avatar
RoundSparrow #1
Member since Mar 2005 · 3 posts
Group memberships: Members
Show profile · Link to this post
Subject: SSL / TLS support on Compact Framework
anyone been able to make progress on having secure work on Compact Framework for xmpp?

Thanks.
Avatar
Alex #2
Member since Feb 2003 · 4327 posts · Location: Germany
Group memberships: Administrators, Members
Show profile · Link to this post
Hello,

we are working on a SSL library for the compact framework. But due to other projects this work is paused at the moment.
For now you would have to use a 3rd party library for SSL on CF.

Alex
Avatar
ayyrk #3
Member since Jul 2007 · 92 posts
Group memberships: Members, Premium
Show profile · Link to this post
Subject: Compact Framework Security
Is there a white paper or FAQ that gives a high level description of how agsxmpp handles authentication and encryption on compact framework?


Just a quick one liner.

Thanks!!
Avatar
Alex #4
Member since Feb 2003 · 4327 posts · Location: Germany
Group memberships: Administrators, Members
Show profile · Link to this post
no there is no whitepaper. Let us know what you need exactly.

Alex
Avatar
Alex #5
Member since Feb 2003 · 4327 posts · Location: Germany
Group memberships: Administrators, Members
Show profile · Link to this post
authentication depends on the server. All xmpp compliant servers support SASL authentication. SASL Digest-MD5 mechanism is used with the most servers.

Alex
Avatar
ayyrk #6
Member since Jul 2007 · 92 posts
Group memberships: Members, Premium
Show profile · Link to this post
Alex - you are a very patient person!

I am trying out agsxmpp on windows mobile 5. The API is written in a way that makes it easy to try out applications without a lot of headaches. The JXTA API on the other hand is too hard to use.

I know that I am going to be asked "what about security?".  So, if someone asked you "What about security?" what would be your brief answer?

Is the data sent between agsxmpp windows mobile 5 clients and an XMPP server encrypted or just plain text?

Thanks again!
Avatar
Alex #7
Member since Feb 2003 · 4327 posts · Location: Germany
Group memberships: Administrators, Members
Show profile · Link to this post
Hello ayyrk,
 
on pocket pc and smartphone the data is not encrypted because the .NET compact framework still supports no SSL and TLS.
On all other systems agsXMPP is using the .NET SslStream encrypt all data with TLS.

There is also no SSL/TLS component for CF available which we could use in agsXMPP.

Alex
Avatar
jmanley #8
Member since Aug 2008 · 4 posts
Group memberships: Members
Show profile · Link to this post
It's been a while... I see that the mobile library still doesn't include SSL.

Have there been any updates?  I rememer finding a thread on this forum where somebody had tried to port Mono over to the mobile environment, but that seems to have just been dropped about a year ago or so.

What about doing a P/Invoke on winsock.dll and using the setsockopt() function?  I think that I read someplace that winsock.dll is a protected dll and requires a signed project.  Is that what's holding everything up?

I was playing around with it (didn't try to sign my code yet), but I still can't get it to drop into SSL/TLS - no error, it just doesn't encrypt.  Probably could be one of a couple of things...
  I have always been a bit hazy on the whole marshalling objects, so I'm probably not calling setsockopt correctly
  I may not actually be sending setsockopt the socket handle correctly (I'm using _socket.Handle within the Connect() function in agsXMPP.net.ClientSocket
  Like I said, the code isn't signed even using a private certificate.

Any thoughts? suggestions?  I'd be interested in licensing agsXMPP_PPC.dll, but without secure connections, it's not really of any use to me (in a commercial application).
This post was edited on 2008-09-03, 02:10 by jmanley.
Avatar
Alex #9
Member since Feb 2003 · 4327 posts · Location: Germany
Group memberships: Administrators, Members
Show profile · Link to this post
Hello jmanley,

there is still no SslStream available in CF which is the reason why StartTls is not implemented. I have looked at different commercial and Open Source SSL/TLS libraries in the past and they all did not work or had other issues. I prefer managed code whenever possible and want to avoid PInvoke stuff.

I had the best results with the bccrypto library, but their TLS implementation did not support some features required by ejabberd and other servers. I got it working only with 1 server (Openfire). I filed some bug reports and I think they have fixed it. Its on my TODO list to test TLS again with the latest bccyptro library.

There were rumors that SslStream will be in CF3, this was the reason why I stopped working on TLS for CF. TLs is als very important for us, because there is still no support in the CF we have to start working again on this task.

Alex
Avatar
Alex #10
Member since Feb 2003 · 4327 posts · Location: Germany
Group memberships: Administrators, Members
Show profile · Link to this post
Hello,

I have a first Beta with TLS support for CF available.
If anybody is interested at testing please leave me a message.

Alex
Close Smaller – Larger + Reply to this post:
Verification code: VeriCode Please enter the word from the image into the text field below. (Type the letters only, lower case is okay.)
Smileys: :-) ;-) :-D :-p :blush: :cool: :rolleyes: :huh: :-/ <_< :-( :'( :#: :scared: 8-( :nuts: :-O
Special characters: