  1. Openfire
  2. OF-1940

Allow Dialback to be disabled


    Details

    • Type: Improvement
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 4.4.4
    • Fix Version/s: None
    • Component/s: Admin Console, Core
    • Labels:
      None

      Description

      Dialback was originally the primary method for server-to-server authentication. It was dropped from the core XMPP RFCs in 2011 in favour of TLS authentication. Documentation of the dialback protocol was moved to XEP-0220.

      Dialback is still used these days but, especially with the availability of easy and cheap certificates through Let's Encrypt, it is used less than before.

      Dialback is an old protocol that has had several security-related issues in the past.

      From an interop perspective, it would be bad to remove dialback. However, security-minded administrators might choose to disable it.

      Openfire should get an easy way (in the admin console) to disable dialback.

            People

            Assignee:
            guus Guus der Kinderen
            Reporter:
            guus Guus der Kinderen
            Votes:
            0
            Watchers:
            2
