The XMPP Blog

Security Test Day - it's fast approaching

In just 34 days the first full test run of ubiquitous security on the XMPP network will be attempted by many service operators.

Like the IPv6 test days, on the 4th January XMPP server operators are turning on TLS encryption for server-to-server (s2s) and client-to-server (c2s) connections and testing to see what doesn't work and what needs more work.

The participants of this effort would like you to join others in the XMPP community and help secure users' private communications.

They are inviting you to join other operators and secure XMPP.

Answers to common questions:

Q: How do I test my site's security? A: use to run a test against your domain. For help enabling full TLS encryption, check out the Securing XMPP wiki page or contact your XMPP server vendor.

Q: But what if things break? A: This is just a test. The changes will be rolled back on 5th January until the next test the following month.

Q: Can't you test this all before and then switch? A: In theory everything should work. In reality it's better to test, roll back, fix, re-test.

Q: I heard that Google doesn't do encrypted connections to non-Gtalk servers. A: True: server-to-server connections on Google's network are insecure. The XMPP Board has reached out to Google at different levels and will continue to work with Google to find a way to keep XMPP interoperability with Google servers.

Q: Where do I discuss this? A: Join the operators mailing list:

Q: I heard there is a manifesto? A: Indeed - if you are a server operator and want to publicly show your support for secure user communications, sign up (with a pull request) at

The operators are all looking forward to the go-live date of May 19, 2014 and are excited for this huge step.

Thanks for playing your part.

edit: Changed the tone and voice of the article as it had previously implied that the XSF itself was running this Test Day rather than it being the community generated event that it is.

Posted by bear on November 30, 2013 - filed under misc