Xmpp encryption

tonyg · April 24, 2018, 3:24pm

hi, i am setting up xmpp and I can get it to work with several clients if I disable encryption on the client. As this is not ideal, can anyone tell me if it is possible to enable encryption on freepbx xmpp and if so how?

thanks!

tm1000 · April 24, 2018, 3:30pm

This is not possible

tonyg · April 24, 2018, 5:16pm

andrew, i see that you are packaging letschat and i see that letschat does support encryption. i know that you do not support it, but is there any problem with me editing /var/www/html/admin/modules/xmpp/node/node_modules/lets-chat/settings.yml and enabling encryption?

also, how do i restart letschat without restarting asterisk?

thanks

tm1000 · April 24, 2018, 5:17pm

As far as I know enabling encryption will break freepbx xmpp login.

tonyg · April 24, 2018, 5:18pm

andrew, sorry if this is a ignorant question, but what does one have to do with the other?

tm1000 · April 24, 2018, 5:56pm

You use freepbx usermanager credentials to login to xmpp. Changing this setting will break freepbx login into xmpp as far as I am aware because the password will be passed to the internal services encrypted when it needs to be plaintext.

tonyg · April 24, 2018, 6:07pm

humm, ok, thanks for the clarification. btw, how do you restart letschat? is it possible to restart it without restarting asterisk?

tm1000 · April 24, 2018, 6:08pm

fwconsole stop xmpp && fwconsole start xmpp

tonyg · April 24, 2018, 6:48pm

fyi, i tested this out by making the following changes to the settings.yml file

http:
enable: false
host: 0.0.0.0
port: 5000
https:
enable: true
port: 5001
key: /etc/asterisk/keys/mkey.key
cert: /etc/asterisk/keys/mycert.crt
xmpp:
enable: true
port: 5222
domain: 0.0.0.0
roomCreation: true
tls:
enable: true
key: /etc/asterisk/keys/mykey.key
cert: /etc/asterisk/keys/mycert.crt
debug:
handled: true
unhandled: true

i am able to login, with both https and xmpp(encrypted)

fyi

cynjut · April 24, 2018, 7:13pm

Sounds like it’s time for a feature request. If your testing is correct, getting encryption on the XMPP server to work should be relatively simple (even if overkill).

tonyg · April 24, 2018, 7:39pm

done
https://issues.freepbx.org/browse/FREEPBX-17354

fyi, i don’t think it is overkill, when auth is linked to ldap, you have your users ldap creds are flying around encrypted.

system · April 24, 2019, 7:39pm

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.