[SOLVED] Require Secure IM?

[Chewie71]

Is there a COS setting that will force secure IM? We'd like to open up port 5222 to allow external clients like Pidgin, but we don't want to do it unless we can enforce SSL only connections.

Thanks,
Matt

[y@w]

Doesn't Jabber use port 5223 for SSL-only connections by default? I use iChat and if I check the SSL box it will change the port to 5223. Also, I did confirm that you can't connect to the Zimbra IM service on port 5223 without using SSL. You could probably "enforce" it by only opening 5223 in the firewall.

[Chewie71]

Hmmm...by default it seems that Pidgin uses 5222 for it's SSL connection. It has a checkbox for using 5223 instead, but when I tried that it wouldn't connect at all.

My mgmt station is not firewalled, so it should work if the port was listening...guess I'll keep experimenting.

Thanks,
Matt

[y@w]

Hmm. Can you telnet to the server on port 5223? I guess the second port must be the "old" way of doing it. In Pidgin I used the "Force old (port 5223) SSL" option and it connected for me. Anyway, perhaps that's not the best way but I've not seen any options for the XMPP service like that.

[Chewie71]

Ah....

Not only must you check the box to "Force old (port 5223) SSL", but you have to also manually change the Connect Port number at the bottom from 5222 to 5223...it doesn't change it for you automatically when you check the "Force 5223 SSL" box.

That's a Pidgin application flaw...it should change it for you automatically if you check that box.

Yes it works, so we just have to open 5223 to force it to use SSL.

Matt