Hi,
While browsing the source code of Openfire I found only two occurences of "SslContextFactory"
- src/java/org/jivesoftware/openfire/container/AdminConsolePlugin.java
- src/java/org/jivesoftware/openfire/http/HttpBindManager.java
The default ports for these services are 7433 (HTTP Bind) and 9091 (Admin Console).
But what about client connections on port 5222 using STARTTLS, do they support SSLv3 as well?
A connection test using a patched version of OpenSSL (see https://rt.openssl.org/Ticket/Display.html?id=2860&user=guest&pass=guest) tells me that SSLv3 is enabled for Client connections on my server. (the used command is: ./openssl s_client -connect myopenfireserver:5222 -ssl3 -starttls xmpp)
akrherz's patch adresses only the first two problems. (https://github.com/akrherz/Openfire/commit/83e03fe549be1f17618c8c39cf70757be09dc d3a)
Can you verify this behaviour and is it relevant?
Thank you very much,
Florian.