<labelfor="tlspolicy-required"><b>Required</b> - Connections cannot be established unless they are encrypted.</label>
</td>
</tr>
</table>
</admin:contentBox>
</c:if>
<admin:contentBox title="Mutual Authentication">
<p>In addition to requiring peers to use encryption (which will force them to verify the security certificates of this Openfire instance) an additional level of security can be enabled. With this option, the server can be configured to verify certificates that are to be provided by the peers. This is commonly referred to as 'mutual authentication'.</p>
<p>These options configure some aspects of the verification/validation of the certificates that are presented by peers while setting up encrypted connections.</p>
<inputtype="checkbox"name="accept-self-signed-certificates"id="accept-self-signed-certificates"${configuration.acceptSelfSignedCertificates?'checked':''}/><labelfor="accept-self-signed-certificates">Allow peer certificates to be self-signed.</label>
</td>
</tr>
<trvalign="middle">
<td>
<inputtype="checkbox"name="verify-certificate-validity"id="verify-certificate-validity"${configuration.verifyCertificateValidity?'checked':''}/><labelfor="verify-certificate-validity">Verify that the certificate is currently valid (based on the 'notBefore' and 'notAfter' values of the certificate).</label>
</td>
</tr>
</table>
</admin:contentBox>
<admin:contentBox title="Encryption protocols">
<p>These are all encryption protocols that this instance of Openfire supports. Those with a checked box are enabled, and can be used to establish an encrypted connection. Deselecting all values will cause a default to be restored.</p>
<p>These are all encryption cipher suites that this instance of Openfire supports. Those with a checked box are enabled, and can be used to establish an encrypted connection. Deselecting all values will cause a default to be restored.</p>
webManager.logEvent("Updated connection settings for "+connectionType,"Applied configuration to plain-text as well as legacy-mode connection listeners.");
webManager.logEvent("Updated connection settings for "+connectionType,"plain: enabled="+plaintextEnabled+", port="+plaintextTcpPort+"\nlegacy: enabled="+legacymodeEnabled+", port="+legacymodeTcpPort+"\n");
<tdwidth="99%"><inputtype="text"name="plaintext-readBuffer"id="plaintext-readBuffer"value="${plaintextConfiguration.maxBufferSize}"readonly/> (in bytes)</td>
<labelfor="plaintext-tlspolicy-required"><b>Required</b> - Connections cannot be established unless they are encrypted.</label>
</td>
</tr>
</table>
<br/>
<h4>Mutual Authentication</h4>
<p>In addition to requiring peers to use encryption (which will force them to verify the security certificates of this Openfire instance) an additional level of security can be enabled. With this option, the server can be configured to verify certificates that are to be provided by the peers. This is commonly referred to as 'mutual authentication'.</p>
<labelfor="plaintext-mutualauthentication-wanted"><b>Wanted</b> - Peer certificates are verified, but only when they are presented by the peer.</label>
<labelfor="plaintext-mutualauthentication-needed"><b>Needed</b> - A connection cannot be established if the peer does not present a valid certificate.</label>
</td>
</tr>
</table>
<br/>
<h4>Certificate chain checking</h4>
<p>These options configure some aspects of the verification/validation of the certificates that are presented by peers while setting up encrypted connections.</p>
<tablecellpadding="3"cellspacing="0"border="0">
<trvalign="middle">
<td>
<inputtype="checkbox"name="plaintext-accept-self-signed-certificates"id="plaintext-accept-self-signed-certificates"${plaintextConfiguration.acceptSelfSignedCertificates?'checked':''}/><labelfor="plaintext-accept-self-signed-certificates">Allow peer certificates to be self-signed.</label>
</td>
</tr>
<trvalign="middle">
<td>
<inputtype="checkbox"name="plaintext-verify-certificate-validity"id="plaintext-verify-certificate-validity"${plaintextConfiguration.verifyCertificateValidity?'checked':''}/><labelfor="plaintext-verify-certificate-validity">Verify that the certificate is currently valid (based on the 'notBefore' and 'notAfter' values of the certificate).</label>
<tdwidth="99%"><inputtype="text"name="legacymode-readBuffer"id="legacymode-readBuffer"value="${legacymodeConfiguration.maxBufferSize}"readonly/> (in bytes)</td>
</tr>
</table>
<br/>
<h4>Mutual Authentication</h4>
<p>In addition to requiring peers to use encryption (which will force them to verify the security certificates of this Openfire instance) an additional level of security can be enabled. With this option, the server can be configured to verify certificates that are to be provided by the peers. This is commonly referred to as 'mutual authentication'.</p>
<labelfor="legacymode-mutualauthentication-wanted"><b>Wanted</b> - Peer certificates are verified, but only when they are presented by the peer.</label>
<labelfor="legacymode-mutualauthentication-needed"><b>Needed</b> - A connection cannot be established if the peer does not present a valid certificate.</label>
</td>
</tr>
</table>
<br/>
<h4>Certificate chain checking</h4>
<p>These options configure some aspects of the verification/validation of the certificates that are presented by peers while setting up encrypted connections.</p>
<tablecellpadding="3"cellspacing="0"border="0">
<trvalign="middle">
<td>
<inputtype="checkbox"name="legacymode-accept-self-signed-certificates"id="legacymode-accept-self-signed-certificates"${legacymodeConfiguration.acceptSelfSignedCertificates?'checked':''}/><labelfor="legacymode-accept-self-signed-certificates">Allow peer certificates to be self-signed.</label>
</td>
</tr>
<trvalign="middle">
<td>
<inputtype="checkbox"name="legacymode-verify-certificate-validity"id="legacymode-verify-certificate-validity"${legacymodeConfiguration.verifyCertificateValidity?'checked':''}/><labelfor="legacymode-verify-certificate-validity">Verify that the certificate is currently valid (based on the 'notBefore' and 'notAfter' values of the certificate).</label>
webManager.logEvent("Updated connection settings for "+connectionType,"Applied configuration to plain-text as well as legacy-mode connection listeners.");
webManager.logEvent("Updated connection settings for "+connectionType,"plain: enabled="+plaintextEnabled+", port="+plaintextTcpPort+"\nlegacy: enabled="+legacymodeEnabled+", port="+legacymodeTcpPort+"\n");
<tdwidth="99%"><inputtype="text"name="plaintext-readBuffer"id="plaintext-readBuffer"value="${plaintextConfiguration.maxBufferSize}"readonly/> (in bytes)</td>
<labelfor="plaintext-tlspolicy-required"><b>Required</b> - Connections cannot be established unless they are encrypted.</label>
</td>
</tr>
</table>
<br/>
<h4>Mutual Authentication</h4>
<p>In addition to requiring peers to use encryption (which will force them to verify the security certificates of this Openfire instance) an additional level of security can be enabled. With this option, the server can be configured to verify certificates that are to be provided by the peers. This is commonly referred to as 'mutual authentication'.</p>
<labelfor="plaintext-mutualauthentication-wanted"><b>Wanted</b> - Peer certificates are verified, but only when they are presented by the peer.</label>
<labelfor="plaintext-mutualauthentication-needed"><b>Needed</b> - A connection cannot be established if the peer does not present a valid certificate.</label>
</td>
</tr>
</table>
<br/>
<h4>Certificate chain checking</h4>
<p>These options configure some aspects of the verification/validation of the certificates that are presented by peers while setting up encrypted connections.</p>
<tablecellpadding="3"cellspacing="0"border="0">
<trvalign="middle">
<td>
<inputtype="checkbox"name="plaintext-accept-self-signed-certificates"id="plaintext-accept-self-signed-certificates"${plaintextConfiguration.acceptSelfSignedCertificates?'checked':''}/><labelfor="plaintext-accept-self-signed-certificates">Allow peer certificates to be self-signed.</label>
</td>
</tr>
<trvalign="middle">
<td>
<inputtype="checkbox"name="plaintext-verify-certificate-validity"id="plaintext-verify-certificate-validity"${plaintextConfiguration.verifyCertificateValidity?'checked':''}/><labelfor="plaintext-verify-certificate-validity">Verify that the certificate is currently valid (based on the 'notBefore' and 'notAfter' values of the certificate).</label>
<tdwidth="99%"><inputtype="text"name="legacymode-readBuffer"id="legacymode-readBuffer"value="${legacymodeConfiguration.maxBufferSize}"readonly/> (in bytes)</td>
</tr>
</table>
<br/>
<h4>Mutual Authentication</h4>
<p>In addition to requiring peers to use encryption (which will force them to verify the security certificates of this Openfire instance) an additional level of security can be enabled. With this option, the server can be configured to verify certificates that are to be provided by the peers. This is commonly referred to as 'mutual authentication'.</p>
<labelfor="legacymode-mutualauthentication-wanted"><b>Wanted</b> - Peer certificates are verified, but only when they are presented by the peer.</label>
<labelfor="legacymode-mutualauthentication-needed"><b>Needed</b> - A connection cannot be established if the peer does not present a valid certificate.</label>
</td>
</tr>
</table>
<br/>
<h4>Certificate chain checking</h4>
<p>These options configure some aspects of the verification/validation of the certificates that are presented by peers while setting up encrypted connections.</p>
<tablecellpadding="3"cellspacing="0"border="0">
<trvalign="middle">
<td>
<inputtype="checkbox"name="legacymode-accept-self-signed-certificates"id="legacymode-accept-self-signed-certificates"${legacymodeConfiguration.acceptSelfSignedCertificates?'checked':''}/><labelfor="legacymode-accept-self-signed-certificates">Allow peer certificates to be self-signed.</label>
</td>
</tr>
<trvalign="middle">
<td>
<inputtype="checkbox"name="legacymode-verify-certificate-validity"id="legacymode-verify-certificate-validity"${legacymodeConfiguration.verifyCertificateValidity?'checked':''}/><labelfor="legacymode-verify-certificate-validity">Verify that the certificate is currently valid (based on the 'notBefore' and 'notAfter' values of the certificate).</label>
// final int plaintextListenerMaxThreads = ParamUtils.getIntParameter( request, "plaintext-maxThreads", plaintextConfiguration.getMaxThreadPoolSize() );
<p>Connections of this type are established using encryption immediately (as opposed to using STARTTLS). This type of connectivity is commonly referred to as the "legacy" method of establishing encrypted communications.</p>
<p>Openfire can accept plain-text connections, which, depending on the policy that is configured here, can be upgraded to encrypted connections (using the STARTTLS protocol).</p>
<tdwidth="99%"><inputtype="text"name="legacymode-readBuffer"id="legacymode-readBuffer"value="${legacymodeConfiguration.maxBufferSize}"readonly/> (in bytes)</td>
</tr>
</table>
<br/>
<h4>Certificate chain checking</h4>
<p>These options configure some aspects of the verification/validation of the certificates that are presented by peers while setting up encrypted connections.</p>
<tablecellpadding="3"cellspacing="0"border="0">
<trvalign="middle">
<td>
<inputtype="checkbox"name="legacymode-accept-self-signed-certificates"id="legacymode-accept-self-signed-certificates"${legacymodeConfiguration.acceptSelfSignedCertificates?'checked':''}/><labelfor="legacymode-accept-self-signed-certificates">Allow peer certificates to be self-signed.</label>
</td>
</tr>
<trvalign="middle">
<td>
<inputtype="checkbox"name="legacymode-verify-certificate-validity"id="legacymode-verify-certificate-validity"${legacymodeConfiguration.verifyCertificateValidity?'checked':''}/><labelfor="legacymode-verify-certificate-validity">Verify that the certificate is currently valid (based on the 'notBefore' and 'notAfter' values of the certificate).</label>