<abstract>NOTE WELL: this specification was retracted on 2003-11-05 since the topic is addressed definitively in XMPP Core. Please refer to XMPP Core for further information.</abstract>
<remark>The status of this specification has been changed to Retracted since it has been superseded by &xmppcore;. This document will not be considered further by the Jabber Software Foundation and should not be used as a basis for implementations.</remark>
<p>The TLS protocol <note><linkurl="http://www.ietf.org/rfc/rfc2246.txt">RFC 2246</link></note> (formerly known as SSL) provides a way to secure an application protocol from tampering and eavesdropping. The option of using such security is desirable for Jabber due to common connection eavesdropping and hijacking attacks. <note>See <linkurl="http://www.ietf.org/rfc/rfc1704.txt">RFC 1704</link>, "On Internet Authentication."</note><note>This paragraph adapted from <linkurl="http://www.ietf.org/rfc/rfc2595.txt">RFC 2595</link>, section 1.</note></p>
<p>Traditionally, Jabber servers has supported TLS by utilising a "wrapper" around the standard protocol stream. This wrapper usually listens on a port other than those listed in the IANA registry <note>The Internet Assigned Numbers Authority defines jabber-client (port 5222) and jabber-server (port 5269) as the standard Jabber ports; see <linkurl='http://www.iana.org/assignments/port-numbers'>http://www.iana.org/assignments/port-numbers</link>.</note> (commonly 5223 for client-to-server communications and 5270 for server-to-server communications). In the case of client-to-server communications, clients must initiate a TLS session immediately after connecting, before beginning the normal XML stream. This method of utilising TLS is typical of many servers that implement stream-based protocols, but has a number of flaws, which are outlined in section 7 of <linkurl="http://www.ietf.org/rfc/rfc2595.txt">RFC 2595</link>. Accordingly, the use of port 5223 and port 5270 for secure sessions is deprecated.</p>
<p>This document describes an extension to the Jabber XML stream that provides a "STARTTLS" command which clients may invoke on an insecure stream to secure it. This extension is modelled on <linkurl="http://www.ietf.org/rfc/rfc2595.txt">RFC 2595</link>, which describes the STARTTLS extension for the IMAP <note><linkurl="http://www.ietf.org/rfc/rfc2060">RFC 2060</link></note>, POP3 <note><linkurl="http://www.ietf.org/rfc/rfc1939">RFC 1939</link></note> and ACAP <note><linkurl="http://www.ietf.org/rfc/rfc2244">RFC 2244</link></note> protocols. A future document (or an addition to this document) will define TLS support within server-to-server streams.</p>
</section1>
<section1topic='Protocol'>
<section2topic="Overview">
<p>This protocol operates over the standard Jabber client connection on port 5222.</p>
<p>The namespace identifier for this protocol is http://www.ietf.org/rfc/rfc2595.txt.</p>
<p>The following examples show the dialogue between a client [C] and a server [S].</p>
<p>
</p>
</section2>
<section2topic="Stream initialization">
<p>The client begins by requesting the use of STARTTLS as part of the normal Jabber stream negotiation. The server responds by informing the client whether or not it supports STARTTLS. It does this in the normal stream negotiation response:</p>
<p>To begin the TLS negotiation, the client issues the STARTTLS command:</p>
<examplecaption="STARTTLS request">
C: <tls:starttls/>
</example>
<p>When the server is ready to begin the TLS negotiation, it will close the XML stream, but will keep the underlying connection to the client open:</p>
<examplecaption="STARTTLS response">
S: </stream:stream>
</example>
<p>The client now begins a normal TLS negotiation by sending the TLS ClientHello command. Upon completion of the TLS negotiation, the client reissues the XML stream initialization:</p>
<p>TLS allows clients to be authenticated by verifying the certificate that they present during the TLS negotiation. This can be done in conjunction with the Jabber SASL profile (see &xep0034;) and the EXTERNAL mechanism.</p>
<p>If a client authenticates with a certificate using the TLS authentication, and the client requests the use of SASL in the second XML stream negotiation (over the secure channel), servers supporting certificate-based authentication should add the EXTERNAL mechanism to the list of supported authentication mechanisms. If the client then requests this mechanism, the server should automatically inform the user that authentication was successful. See &rfc2222; and <cite>XEP-0034</cite> for more information.</p>