
XEP-0368: SRV records for XMPP over TLS

Open Neustradamus opened this issue 11 years ago • 2 comments

Can you add "XEP-0368: SRV records for XMPP over TLS" support?

  • https://xmpp.org/extensions/xep-0368.html

"Legacy SSL/TLS" from the old RFC 3920 has been removed in RFC 6120 and revived as "Direct TLS" with XEP-0368.


Respect XMPP RFCs:

  • https://tools.ietf.org/html/rfc3920 (Obsoleted by: 6120)
  • https://tools.ietf.org/html/rfc6120 (Last version)

Neustradamus avatar Jan 14 '14 20:01 Neustradamus

XEP-0368: SRV records for XMPP over TLS https://xmpp.org/extensions/xep-0368.html

Neustradamus avatar Feb 12 '17 21:02 Neustradamus

@Ri0n Any update on this issue? I don't use the _xmpp-client._tcp.... because port 5222 is blocked on some public WiFis.

git001 avatar Jul 23 '19 12:07 git001

implemented

Ri0n avatar Jun 07 '24 08:06 Ri0n

@Ri0n: Not fully yet, no "Direct TLS", always "Legacy SSL".

Please reopen :/

Neustradamus avatar Jun 07 '24 10:06 Neustradamus

New commits here:

  • https://github.com/psi-im/iris/commit/0534923b5a81e11d80867bb7e7f5dd5e70f48091
  • https://github.com/psi-im/psi/commit/1f37adf244effcd8f22b1eeea61e7c53259762db

Not finished yet.

Neustradamus avatar Jun 20 '24 23:06 Neustradamus

Not finished what?

Ri0n avatar Jun 21 '24 06:06 Ri0n

Already here:

  • https://github.com/psi-im/psi/issues/103#issuecomment-2154536224

Neustradamus avatar Jun 21 '24 11:06 Neustradamus

@Ri0n: Not fully yet, no "Direct TLS", always "Legacy SSL".

Please reopen :/

Legacy SSL is a different thing. It's when we try to use SSL without any discovery. But direct TLS in the context of the XEP means we DO discovery. And it's currently the default behavior when any encryption is enabled except legacy SSL.

So I don't see how it's unfinished.

Ri0n avatar Jun 21 '24 12:06 Ri0n

@Ri0n: I will repeat for you...

There is no "Direct TLS" currently in the client.

Legacy SSL was stopped on Open Discussion Day 2014; more details here:

  • https://opendiscussionday.org/
  • https://stpeter.im/journal/1496.html
  • https://xmpp.org/2014/05/happy-encrypted-network/
  • https://blog.prosody.im/mandatory-encryption-on-xmpp-starts-today/

Direct TLS exists with XEP-0368, as I requested in this ticket:

  • https://xmpp.org/extensions/xep-0368.html
  • https://docs.modernxmpp.org/client/design/

But there is no "Direct TLS" in code:

  • https://github.com/search?q=org%3Apsi-im+%22direct+tls%22&type=code

Except for only one in internal code; a lot of changes are missing:

  • https://github.com/search?q=org%3Apsi-im+%22directtls%22&type=code

There is always the old Legacy SSL:

  • https://github.com/search?q=org%3Apsi-im+%22legacy+ssl%22&type=code

You can see some examples:

  • Openfire: https://github.com/search?q=org%3Aigniterealtime+%22legacy+ssl%22&type=pullrequests
  • https://github.com/search?q=%22direct+tls%22&type=code
  • https://www.google.com/search?q=%22direct+tls%22

This ticket is not solved, please reopen it.

Neustradamus avatar Jun 21 '24 15:06 Neustradamus

What do you mean there is no direct TLS? Of course it's there. Moreover, it's the default.

Ri0n avatar Jun 21 '24 15:06 Ri0n

@Ri0n: Have you looked at all the links?

"

But there is no "Direct TLS" in code:

  • https://github.com/search?q=org%3Apsi-im+%22direct+tls%22&type=code

Except for only one in internal code; a lot of changes are missing:

  • https://github.com/search?q=org%3Apsi-im+%22directtls%22&type=code

There is always the old Legacy SSL:

  • https://github.com/search?q=org%3Apsi-im+%22legacy+ssl%22&type=code

You can see some examples:

  • Openfire: https://github.com/search?q=org%3Aigniterealtime+%22legacy+ssl%22&type=pullrequests
  • https://github.com/search?q=%22direct+tls%22&type=code
  • https://www.google.com/search?q=%22direct+tls%22

"

I've added a screenshot:

  • https://i.ibb.co/FKRzM68/psi-legacy-ssl.png

Neustradamus avatar Jun 21 '24 16:06 Neustradamus

Why do you care so much about the naming? Direct TLS is optional anyway and depends on DNS records, but it's currently implemented. Enforcing it (therefore making it an explicit option) reduces the chances of connecting successfully. But resolving XEP-0368 records is currently implemented and works. Default account settings will try to use direct TLS.

Ri0n avatar Jun 21 '24 16:06 Ri0n
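Added example, not code from Psi or iris: what the XEP-0368 lookup discussed above amounts to. It merges `_xmpps-client._tcp` (direct TLS) and `_xmpp-client._tcp` (STARTTLS) SRV records into one RFC 2782-ordered candidate list, so a low-priority `_xmpps-client` record on port 5223 or 443 is tried first while the STARTTLS entry on 5222 stays as a fallback; the domain and the DNS answers are constructed, not real.

```python
import random
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

@dataclass(frozen=True)
class Candidate:
    priority: int
    weight: int
    target: str
    port: int
    direct_tls: bool  # True: TLS handshake first (XEP-0368); False: plain TCP, then STARTTLS

# Constructed DNS answers for a hypothetical domain; tuples are (priority, weight, port, target).
SAMPLE_ANSWERS: Dict[str, List[Tuple[int, int, int, str]]] = {
    "_xmpps-client._tcp.example.org": [(5, 0, 5223, "xmpp.example.org."),
                                       (20, 0, 443, "fallback.example.org.")],
    "_xmpp-client._tcp.example.org": [(10, 0, 5222, "xmpp.example.org.")],
}

def _order(records: List[Candidate], rng: random.Random) -> List[Candidate]:
    """RFC 2782 ordering: ascending priority; weighted random draw inside one priority."""
    ordered: List[Candidate] = []
    for prio in sorted({r.priority for r in records}):
        pool = [r for r in records if r.priority == prio]
        while pool:
            pick = rng.randint(0, sum(r.weight for r in pool))
            running = 0
            for r in pool:
                running += r.weight
                if running >= pick:          # first record whose running sum reaches the draw
                    ordered.append(r)
                    pool.remove(r)
                    break
    return ordered

def xmpp_candidates(domain: str, answers=SAMPLE_ANSWERS,
                    rng: Optional[random.Random] = None) -> List[Candidate]:
    """Merge XEP-0368 (_xmpps-client) and RFC 6120 (_xmpp-client) SRV records into one list."""
    records: List[Candidate] = []
    explicitly_absent = False
    for service, direct in (("_xmpps-client._tcp", True), ("_xmpp-client._tcp", False)):
        for prio, weight, port, target in answers.get(f"{service}.{domain}", []):
            if target == ".":                # RFC 2782: "." means the service is not offered
                explicitly_absent = True
                continue
            records.append(Candidate(prio, weight, target.rstrip("."), port, direct))
    if not records:
        # RFC 6120 fallback only when no SRV records exist: the domain itself, 5222, STARTTLS
        return [] if explicitly_absent else [Candidate(0, 0, domain, 5222, False)]
    return _order(records, rng or random.Random())
```

The `direct_tls` flag on each candidate is what decides whether the client starts the TLS handshake immediately or sends the XMPP stream header first and negotiates STARTTLS.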

https://github.com/search?q=org%3Apsi-im+%22direct+tls%22&type=code vs https://github.com/search?q=org%3Apsi-im+%22legacy+ssl%22&type=code

And you can see the screenshot too.

Neustradamus avatar Jun 21 '24 16:06 Neustradamus

And?

Ri0n avatar Jun 21 '24 16:06 Ri0n

The code needs to be updated.

You can see that people cannot find "Direct TLS"; there is none.

Openfire is a good example:

  • https://github.com/search?q=org%3Aigniterealtime+%22legacy+ssl%22&type=pullrequests

Neustradamus avatar Jun 21 '24 16:06 Neustradamus

Ok. I'll rename legacy to direct, even so it brings confusion wrt XEP-0368, because there they use this term for a slightly different thing.

Ri0n avatar Jun 21 '24 18:06 Ri0n

@Ri0n: Thanks!

Other commits here:

  • https://github.com/psi-im/iris/commit/c56d09950668607f194e514e8e854e233cfe883a
  • https://github.com/psi-im/iris/commit/53d2308293b8fba8f35a575cda314eb5930321e1
  • https://github.com/psi-im/iris/commit/9009b342315bc6d3c75580d5d8bd727711a331eb
  • https://github.com/psi-im/psi/commit/fee9191c66e9e4744d46fe362f949b9524260c0b

To be better, there are still occurrences to remove:

  • https://github.com/search?q=org%3Apsi-im+%22legacy+ssl%22&type=code

Neustradamus avatar Jun 23 '24 14:06 Neustradamus