0 Replies Latest reply on Mar 8, 2017 3:11 AM by Mathieu

    StartTLS policy 'required' ignored for C2S

    Mathieu

      Hi,

      I'm currently having a problem with Openfire 4.1.1.

      My Nessus scan is showing the following vulnerabilty:

      The remote Extensible Messaging and Presence Protocol (XMPP) service supports one or more authentication mechanisms that allow credentials to be sent in the clear.

       

      My problem is that Plain text authentication is enabled even if i set StartTLS policy to Required for Client Connections Settings.

      How to disable cleatext authentication mechanisms?

      Thanks!