Allow Dialback to be disabled

Description

Dialback was originally the primary method for server-to-server authentication. It was dropped from the core XMPP RFCs in 2011 in favour of TLS authentication. Documentation of the dialback protocol was moved to XEP-0220.

Dialback these days is still used, but, especially with the availability of easy and cheap certificates through LetsEncrypt, is used less than before.

Dialback is an old protocol, that has had several security related issues in the past.

From an interop perspective, it would be bad to remove dialback. However, security-minded administrators might choose to disable it.

Openfire should get an easy way (in the admin console) to disable dialback.

Environment

None

Assignee

Guus der Kinderen

Reporter

Guus der Kinderen

Labels

None

Expected Effort

None

Ignite Forum URL

None

Components

Affects versions

Priority

Minor
Configure