We're updating the issue view to help you get more done. 

S2S: Allow Mutual Authentication by default when using signed certificate

Description

Openfire allows mutual authentication (SASL EXTERNAL) for all connection types, although the default setting disables this feature.

If a properly signed (instead of the default self-signed) certificate is installed, I'm not seeing downsides in allowing SASL EXTERNAL. It would be good to have this enabled for S2S, as it reduces the complexity for S2S establishment (the alternative approach, Dialback, requires an elaborate handshake).

Environment

None

Acceptance Test - Entry

None
Fixed

Assignee

Guus der Kinderen

Reporter

Guus der Kinderen

Labels

None

Expected Effort

None

Ignite Forum URL

None

Components

Fix versions

Priority

Minor
Configure