Re: [dev] sj: ucspi

From: Jan Klemkow <>
Date: Fri, 20 Nov 2015 10:28:08 +0100


Thanks for testing my jabber client and sorry for its inconvenience.

yes, STARTTLS is not implemented at the moment. I use for
testing, cause they use the Port 5223 for TLS which is not recommend. I
will implement STARTSSL in the near future, stay tuned.

sslc(1) is the legacy version that just needed the OpenSSL library. But
it doesn't do any cert checks. tlsc(1) is the recommended version which
uses LibTLS from LibreSSL. But have a look at the Version number, I had
made pachtes for LibreSSL a few month ago which are nessasary for

Greg: I saw you patch at hackers_AT_, I will have a look at it at this
weekend. Thanks!


On Thu, Nov 19, 2015 at 07:02:02PM -0500, Matthew of Boswell wrote:
> On Thu, 19 Nov 2015 15:14:06 -0500
> Greg Reagle <> wrote:
> > On 11/19/2015 03:11 PM, Matthew of Boswell wrote:
> > > Note, however, that it did not work with sj. I think the reason is that
> > > xmpp port 5222 is a STARTTLS port, not a straight SSL port.
> >
> > Maybe that's why the example in the man page of sj uses port 5223,
> > expecting that to be a straight SSL port.
> >
> Ah, the man page. I forgot to check that... I guess I assumed that if
> was out of date, the manpage would be as well. Let me know if
> you can get it working. My xmpp server ( doesn't have port
> 5223 open.
> I guess tlsc wouldn't be able to work on 5222, since STARTTLS is an
> application-level negotiation. Maybe best to do the tls inside sj?
> --
> Matt Boswell

Received on Fri Nov 20 2015 - 10:28:08 CET

This archive was generated by hypermail 2.3.0 : Fri Nov 20 2015 - 10:36:09 CET