Skip navigation
Up to Discussions in Smack
2279 Views 1 Reply Latest reply: Jul 5, 2009 12:48 PM by Guenther Niess RSS
FaisalAbid Bronze
FaisalAbid
2 posts since
Jul 3, 2009
Currently Being Moderated

Jul 3, 2009 3:16 PM

Question About Openfire TLS and SmackAPI

I just have a simple question about the role TLS plays in communicating with other users. I can get smackAPI connecting to my server using TLS , (connection.isUsingTLS and .isSecureConnection return true .

 

Now my question is , when a user sends another user a message, is this message encrypted , i.e can someone be a man in the middle and read the message? Or is TLS just used to authenticate the user on the server and the rest of the information is sent plain text?

 

Thanks,

Faisal

Tags: smack, ssl, encryption, tls, secure
  • Guenther Niess KeyContributor
    Guenther Niess
    305 posts since
    Jun 19, 2008
    Currently Being Moderated
    Jul 5, 2009 12:48 PM (in response to FaisalAbid)
    Re: Question About Openfire TLS and SmackAPI

    Hi Faisal,

    TLS as well as the older SSL is used to encrypt the connections (and verify the identity via certificates). So if you send a message to another user and you use a secured connection to your server, there are several points of man in the middle attacs. First of all the servers (your and the server of your chat partner) are able to read your message and can be compromised. After that if the other user is located on a different server the connection to this server isn't necessarily encrypted and could be attacked. At last the connection between the server and the other users client could be sended in plain text.

    For end-to-end encryption you can have a look on OpenPGP or OTR.

     

    Best regards

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points