The TLS protocol
Traditionally, Jabber servers has supported TLS by utilising a "wrapper" around the standard protocol stream. This wrapper usually listens on a port other than those listed in the IANA registry
This document describes an extension to the Jabber XML stream that provides a "STARTTLS" command which clients may invoke on an insecure stream to secure it. This extension is modelled on RFC 2595, which describes the STARTTLS extension for the IMAP
This protocol operates over the standard Jabber client connection on port 5222.
The namespace identifier for this protocol is http://www.ietf.org/rfc/rfc2595.txt.
The following examples show the dialogue between a client [C] and a server [S].
The client begins by requesting the use of STARTTLS as part of the normal Jabber stream negotiation. The server responds by informing the client whether or not it supports STARTTLS. It does this in the normal stream negotiation response:
In the event that a server does not support the STARTTLS extension, it will respond with the normal stream negotiation response:
To begin the TLS negotiation, the client issues the STARTTLS command:
When the server is ready to begin the TLS negotiation, it will close the XML stream, but will keep the underlying connection to the client open:
The client now begins a normal TLS negotiation by sending the TLS ClientHello command. Upon completion of the TLS negotiation, the client reissues the XML stream initialization:
This is necessary, since any information about the stream presented by the server or the client may have been modified by an attacker.
Note that once the secure channel has been established, the server must not advertise or allow the use of the STARTTLS command.
TLS allows clients to be authenticated by verifying the certificate that they present during the TLS negotiation. This can be done in conjunction with the Jabber SASL profile (see SASL Integration (XEP-0034)
If a client authenticates with a certificate using the TLS authentication, and the client requests the use of SASL in the second XML stream negotiation (over the secure channel), servers supporting certificate-based authentication should add the EXTERNAL mechanism to the list of supported authentication mechanisms. If the client then requests this mechanism, the server should automatically inform the user that authentication was successful. See RFC 2222
Servers implementing STARTTLS functionality are not required to implement certificate-based authentication.