CounterPath User to User Support Forums

[asdf1234]

Hi,

is there any way to see in the bria im client if the xmpp connection to the server is using TLS ? I think it would be nice to know if the transport is encrypted. A small icon like a padlock in the status bar would be nice.

Regards
asdf1234

[Bogdan]

As far as i know "all" XMPP servers uses TLS.

[asdf1234]

i thought only the negotiation via STARTTLS is mandatory. A client can decide to not use TLS or negotiation of TLS can fail. (RFC6120 section 5).

If that is the case how would the user know ?

Regards
asdf1234

[Bogdan]

Our client requests TLS.

[asdf1234]

i just setup a test xmpp server locally and disabled tls. The Bria client happily connected using SASL authentication (which is secure) but the contents of the send messages and signalling etc. where unencrypted as expected, so i think a icon which informs the user whether or not the connection is secure would be a nice thing.

Regards
asdf1234

[Bogdan]

PErhaps indicator would be good.
But notice that you forced on server to disable TLS.
This is not what real servers do.

Meaning that this is not app to the app (as opposed to SIP).
I don't think that managed systems e.g. Skype provides such indicators.

[asdf1234]

I can think of many actions like intercepting port 5222 connections (public hotspots for example) and altering the connection atemps to stay plaintext and read all the messages that pass through. If you have an indicator for encryption and "verify ssl certs' in combination you can be pretty sure no one is tampering with your connection.

See the Whatsapp sniffer application for android for example that proxyarps all traffic through the attackers device and capture all messages traveling through the wifi network.

P.s: i don't really care about closed systems like skype, no one really considers that a solution for business applikations.

Regards
asdf1234