@@ -329,6 +330,7 @@ public class ConnectionConfiguration
...
@@ -329,6 +330,7 @@ public class ConnectionConfiguration
/**
/**
* @param type
* @param type
* @param enabled
* @param maxThreadPoolSize The maximum number of threads that are to be used to processing network activity. Must be equal to or larger than one.
* @param maxThreadPoolSize The maximum number of threads that are to be used to processing network activity. Must be equal to or larger than one.
* @param maxBufferSize The maximum amount of bytes of the read buffer that I/O processor allocates per each read, or a non-positive value to configure no maximum.
* @param maxBufferSize The maximum amount of bytes of the read buffer that I/O processor allocates per each read, or a non-positive value to configure no maximum.
* @param clientAuth specification if peers should be authenticated ('mutual authentication') (cannot be null).
* @param clientAuth specification if peers should be authenticated ('mutual authentication') (cannot be null).
...
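Review bot: The new `@param enabled` tag in this Javadoc block carries no description, while the parameters after it (`maxThreadPoolSize`, `maxBufferSize`, `clientAuth`) each document their meaning and constraints. Please state what `enabled` controls and what a `false` value means for this connection type, so that callers do not have to read the implementation to find out whether a disabled configuration still opens a listener.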
@@ -337,7 +339,7 @@ public class ConnectionConfiguration
...
@@ -337,7 +339,7 @@ public class ConnectionConfiguration
* @param tlsPolicy The TLS policy that is applied to connections (cannot be null).
* @param tlsPolicy The TLS policy that is applied to connections (cannot be null).
webManager.logEvent("Updated connection settings for "+connectionType,"Applied configuration to plain-text as well as legacy-mode connection listeners.");
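Review bot: The detail string passed to `webManager.logEvent` is a fixed sentence, so the audit entry records that settings for `connectionType` were updated but not which settings or what values were applied. This form changes the TLS policy and mutual-authentication settings, so consider including the applied values for both the plain-text and legacy-mode configurations in the detail text. That would let a later review of the log spot a change from a stricter to a weaker policy.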
<p>Openfire can accept plain-text connections, which, depending on the policy that is configured here, can be upgraded to encrypted connections (using the STARTTLS protocol).</p>
<tdwidth="99%"><inputtype="text"name="plaintext-readBuffer"id="plaintext-readBuffer"value="${plaintextConfiguration.maxBufferSize}"readonly/> (in bytes)</td>
<labelfor="plaintext-tlspolicy-required"><b>Required</b> - Connections cannot be established unless they are encrypted.</label>
</td>
</tr>
</table>
<br/>
<h4>Mutual Authentication</h4>
<p>In addition to requiring peers to use encryption (which will force them to verify the security certificates of this Openfire instance) an additional level of security can be enabled. With this option, the server can be configured to verify certificates that are to be provided by the peers. This is commonly referred to as 'mutual authentication'.</p>
<labelfor="plaintext-mutualauthentication-wanted"><b>Wanted</b> - Peer certificates are verified, but only when they are presented by the peer.</label>
<labelfor="plaintext-mutualauthentication-needed"><b>Needed</b> - A connection cannot be established if the peer does not present a valid certificate.</label>
<p>Connections of this type are established using encryption immediately (as opposed to using STARTTLS). This type of connectivity is commonly referred to as the "legacy" method of establishing encrypted communications.</p>
<tdwidth="99%"><inputtype="text"name="legacymode-readBuffer"id="legacymode-readBuffer"value="${legacymodeConfiguration.maxBufferSize}"readonly/> (in bytes)</td>
</tr>
</table>
<br/>
<h4>Mutual Authentication</h4>
<p>In addition to requiring peers to use encryption (which will force them to verify the security certificates of this Openfire instance) an additional level of security can be enabled. With this option, the server can be configured to verify certificates that are to be provided by the peers. This is commonly referred to as 'mutual authentication'.</p>
<labelfor="legacymode-mutualauthentication-wanted"><b>Wanted</b> - Peer certificates are verified, but only when they are presented by the peer.</label>
<labelfor="legacymode-mutualauthentication-needed"><b>Needed</b> - A connection cannot be established if the peer does not present a valid certificate.</label>
<p>Accept plain-text connections, which, depending on the policy that is configured here, are upgraded to encrypted connections (using the STARTTLS protocol).</p>
<p>In addition to requiring peers to use encryption (which will force them to verify the security certificates of this Openfire instance) an additional level of security can be enabled. With this option, the server can be configured to verify certificates that are to be provided by the peers. This is commonly referred to as 'mutual authentication'.</p>
<labelfor="plaintext-mutualauthentication-wanted"><b>Wanted</b> - Peer certificates are verified, but only when they are presented by the peer.</label>
<labelfor="plaintext-mutualauthentication-needed"><b>Needed</b> - A connection cannot be established if the peer does not present a valid certificate.</label>
<p>Accept encrypted connections (as opposed to plain-text connections that are upgraded to encryption using STARTTLS). This type of connectivity is often referred to as the "legacy" method of establishing encrypted communications.</p>
<p>In addition to requiring peers to use encryption (which will force them to verify the security certificates of this Openfire instance) an additional level of security can be enabled. With this option, the server can be configured to verify certificates that are to be provided by the peers. This is commonly referred to as 'mutual authentication'.</p>
<labelfor="legacymode-mutualauthentication-wanted"><b>Wanted</b> - Peer certificates are verified, but only when they are presented by the peer.</label>
<labelfor="legacymode-mutualauthentication-needed"><b>Needed</b> - A connection cannot be established if the peer does not present a valid certificate.</label>
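Review bot: In the Mutual Authentication paragraph, "which will force them to verify the security certificates of this Openfire instance" overstates what the server can guarantee: requiring encryption means the peer is given the server certificate, but whether it validates that certificate is decided by the peer. Wording such as "which allows them to verify" would be accurate. The "Wanted" label also leaves two outcomes unstated: a peer that presents no certificate is still accepted, and the text does not say what happens when a presented certificate fails verification. Spelling both out would keep administrators from reading "Wanted" as enforcing peer authentication, which only "Needed" does according to these labels. The same paragraph and label text is repeated for the `plaintext-` and `legacymode-` variants, so a shared fragment would keep the wording in sync.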