Forum Discussion

Nimbostratus

May 23, 2009

XMPP with STARTTLS

I love the simplicity of SSL offload using standard SSL/TLS. Unfortunately, I've recently been given a requirement to do XMPP (an Instant Messaging protocol) using STARTTLS. I found ...

Nimbostratus

Sep 26, 2011

The big issue is to make sure that all stream tags are paired with /stream tags if you're editing the script. Fundamentally, when the client first connects and sends the stream tag, I ignore the data they send and reply with a request for TLS. When I see them connect with the starttls command, I ignore their data and start SSL handshaking. All future data is handed to the pool doing processing. This isn't the most robust solution, but it's seemed to work with clients.

I'd do a packet capture from both client and real server to see what is actually being sent and received by each end.

Regards,

Rick

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

XMPP with STARTTLS

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

How can I get started with iCall

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Related Content

STARTTLS Server SMTP with cleartext and STARTTLS client support

LDAP StartTLS Extension to LDAPS Proxy

F5 and STARTTLS

Configure balancing with XMPP protocol

Hybrid Exchange traffic and Starttls

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS