Since the original behavior was to accept self-signed. A change in 3.10.1 caused a lot of problems for users upgrading, so it was reverted back in 3.10.3 to the behavior everyone was expected. right or wrong, a lot of commercial products act in the same way as well. With a few small changes, it should be easy to add the certificate check, and a property value to enable it.
Hi speedy, thanks for the swift reply.
Having the option would be great and I wouldn't mind if the default would accepts self-signed certs.
In my environment OpenFire has to communicate with LDAP via an untrusted network. Having the choice to avoid MITM attacks would be appreciated. :-)