Requires TLS for XMPP connection. If server does not support TLS, the GUI will show message telling user to tick a checkbox in the account configuration that will allow non-secure connection to XMPP server (disabled by default).

resources/languages/resources.properties

@@ -492,6 +492,7 @@ service.gui.SECURITY_WARNING=Security warning
 service.gui.SECURITY_ERROR=Security error
 service.gui.SPEED=Speed:
 service.gui.SILENT_MEMBER=silent member
+service.gui.NON_SECURE_CONNECTION=No secure connection can be made for account {0}. If you want to connect to non-secure server, please check \"Allow non-secure connection\" in your account configuration
 service.gui.UPDATE=Update
 
 service.gui.JANUARY=Jan
@@ -840,6 +841,7 @@ plugin.jabberaccregwizz.USE_UPNP=Use UPnP
 plugin.jabberaccregwizz.EXISTING_ACCOUNT=Existing Jabber account
 plugin.jabberaccregwizz.DOMAIN_BYPASS_CAPS=Domain that will use GTalk call
 plugin.jabberaccregwizz.TELEPHONY_DOMAIN=Telephony domain 
+plugin.jabberaccregwizz.ALLOW_NON_SECURE=Allow non-secure connection
 
 # mailbox
 plugin.mailbox.OUTGOING=Outgoing Message:

src/net/java/sip/communicator/impl/gui/main/login/LoginManager.java

@@ -155,7 +155,7 @@ public void registrationStateChanged(RegistrationStateChangeEvent evt)
             OperationSetPresence presence
                 = MainFrame.getProtocolPresenceOpSet(protocolProvider);
 
-            OperationSetMultiUserChat multiUserChat = 
+            OperationSetMultiUserChat multiUserChat =
                 mainFrame.getMultiUserChatOpSet(protocolProvider);
 
             if (presence != null)
@@ -170,7 +170,6 @@ public void registrationStateChanged(RegistrationStateChangeEvent evt)
                     .getChatRoomList().synchronizeOpSetWithLocalContactList(
                         protocolProvider, multiUserChat);
             }
-          
         }
         else if (newState.equals(RegistrationState.AUTHENTICATION_FAILED))
         {
@@ -202,6 +201,20 @@ else if (evt.getReasonCode() == RegistrationStateChangeEvent
                         .getI18NString("service.gui.ERROR"),
                     msgText).showDialog();
             }
+            else if (evt.getReasonCode() == RegistrationStateChangeEvent
+                                                .REASON_TLS_REQUIRED)
+            {
+                String msgText = GuiActivator.getResources().getI18NString(
+                    "service.gui.NON_SECURE_CONNECTION",
+                    new String[]
+                    { accountID.getAccountAddress() });
+
+                new ErrorDialog(
+                    null,
+                    GuiActivator.getResources()
+                        .getI18NString("service.gui.ERROR"),
+                    msgText).showDialog();
+            }
 
             if (logger.isTraceEnabled())
                 logger.trace(evt.getReason());
@@ -420,7 +433,7 @@ public void run()
                     GuiActivator.getResources()
                         .getI18NString("service.gui.LOGIN_GENERAL_ERROR",
                     new String[]
-                    { accountID.getUserID(), 
+                    { accountID.getUserID(),
                       accountID.getProtocolName(),
                       accountID.getService() }))
                 .showDialog();

src/net/java/sip/communicator/impl/protocol/jabber/JabberAccountID.java

@@ -219,4 +219,17 @@ public boolean isUPNPEnabled()
                 ProtocolProviderFactory.IS_USE_UPNP,
                 true);
     }
+
+    /**
+     * Determines whether this account's provider allow non-secure connection
+     *
+     * @return <tt>true</tt> if this provider would allow non-secure connection,
+     * <tt>false</tt> otherwise
+     */
+    public boolean allowNonSecureConnection()
+    {
+        return getAccountPropertyBoolean(
+                ProtocolProviderFactory.IS_ALLOW_NON_SECURE,
+                false);
+    }
 }

src/net/java/sip/communicator/impl/protocol/jabber/ProtocolProviderServiceJabberImpl.java

@@ -857,6 +857,16 @@ private ConnectState connectAndLogin(
         */
 
         confConn.setReconnectionAllowed(false);
+        // requires TLS by default (i.e. it will not connect to a non-TLS server
+        // and will not fallback to cleartext)
+        boolean tlsRequired = !accountID.getAccountPropertyBoolean(
+            ProtocolProviderFactory.IS_ALLOW_NON_SECURE, false);
+
+        // user have the possibility to disable TLS but in this case, it will
+        // not be able to connect to a server which requires TLS
+        confConn.setSecurityMode(
+            tlsRequired ? ConnectionConfiguration.SecurityMode.required :
+                ConnectionConfiguration.SecurityMode.enabled);
 
         if(connection != null)
         {
@@ -908,6 +918,11 @@ private ConnectState connectAndLogin(
             connectionListener = new JabberConnectionListener();
         }
 
+        if(!connection.isSecureConnection() && tlsRequired)
+        {
+            throw new XMPPException("TLS is required by client");
+        }
+
         connection.addConnectionListener(connectionListener);
 
         if(abortConnecting)
@@ -1530,6 +1545,7 @@ private void fireRegistrationStateChanged(XMPPException ex)
     {
         int reason = RegistrationStateChangeEvent.REASON_NOT_SPECIFIED;
         RegistrationState regState = RegistrationState.UNREGISTERED;
+        String reasonStr = null;
 
         Throwable wrappedEx = ex.getWrappedThrowable();
         if(wrappedEx != null
@@ -1571,6 +1587,11 @@ else if(exMsg.indexOf("no response from the server") != -1
                 reason = RegistrationStateChangeEvent.REASON_NOT_SPECIFIED;
                 regState = RegistrationState.CONNECTION_FAILED;
             }
+            else if(exMsg.indexOf("tls is required") != -1)
+            {
+                regState = RegistrationState.AUTHENTICATION_FAILED;
+                reason = RegistrationStateChangeEvent.REASON_TLS_REQUIRED;
+            }
         }
 
         if(regState == RegistrationState.UNREGISTERED
@@ -1582,7 +1603,7 @@ else if(exMsg.indexOf("no response from the server") != -1
         }
 
         fireRegistrationStateChanged(
-            getRegistrationState(), regState, reason, null);
+            getRegistrationState(), regState, reason, reasonStr);
     }
 
     /**

src/net/java/sip/communicator/plugin/jabberaccregwizz/ConnectionPanel.java

@@ -76,6 +76,10 @@ public class ConnectionPanel
             Resources.getString("plugin.jabberaccregwizz.AUTORESOURCE"),
                 JabberAccountRegistration.DEFAULT_RESOURCE_AUTOGEN);
 
+    JCheckBox allowNonSecureBox = new JCheckBox(
+            Resources.getString("plugin.jabberaccregwizz.ALLOW_NON_SECURE"),
+            false);
+
     private final JabberAccountRegistrationForm parentForm;
 
     /**
@@ -137,6 +141,7 @@ public void removeUpdate(DocumentEvent evt)
         checkBoxesPanel.add(sendKeepAliveBox);
         checkBoxesPanel.add(gmailNotificationsBox);
         checkBoxesPanel.add(googleContactsBox);
+        checkBoxesPanel.add(allowNonSecureBox);
 
         final JPanel resourcePanel
                 = new TransparentPanel(new BorderLayout(10, 10));
@@ -369,4 +374,22 @@ boolean isAutogenerateResourceEnabled()
     {
         return autoGenerateResource.isSelected();
     }
+
+    /**
+     * Set allow non secure value.
+     * @param value the new value.
+     */
+    void setAllowNonSecure(boolean value)
+    {
+        this.allowNonSecureBox.setSelected(value);
+    }
+
+    /**
+     * Is non-TLS allowed.
+     * @return is non-TLS allowed
+     */
+    boolean isAllowNonSecure()
+    {
+        return allowNonSecureBox.isSelected();
+    }
 }

src/net/java/sip/communicator/plugin/jabberaccregwizz/JabberAccountRegistration.java

@@ -167,6 +167,11 @@ public class JabberAccountRegistration
      */
     private boolean isUseUPNP = false;
 
+    /**
+     * If non-TLS connection is allowed.
+     */
+    private boolean isAllowNonSecure = false;
+
     /**
      * Indicates if the server is overriden.
      */
@@ -680,6 +685,26 @@ public void setUseUPNP(boolean isUseUPNP)
         this.isUseUPNP = isUseUPNP;
     }
 
+    /**
+     * Indicates if non-TLS is allowed for this account
+     * @return <tt>true</tt> if non-TLS is allowed for this account, otherwise
+     * returns <tt>false</tt>
+     */
+    public boolean isAllowNonSecure()
+    {
+        return isAllowNonSecure;
+    }
+
+    /**
+     * Sets the <tt>isAllowNonSecure</tt> property.
+     * @param isAllowNonSecure <tt>true</tt> to indicate that non-TLS is allowed
+     * for this account, <tt>false</tt> - otherwise.
+     */
+    public void setAllowNonSecure(boolean isAllowNonSecure)
+    {
+        this.isAllowNonSecure = isAllowNonSecure;
+    }
+
     /**
      * Is resource auto generate enabled.
      *

src/net/java/sip/communicator/plugin/jabberaccregwizz/JabberAccountRegistrationForm.java

@@ -316,6 +316,8 @@ public boolean commitPage(JabberAccountRegistration registration)
 
         registration.setUseUPNP(iceConfigPanel.isUseUPNP());
 
+        registration.setAllowNonSecure(connectionPanel.isAllowNonSecure());
+
         registration.setTelephonyDomainBypassCaps(
             telephonyConfigPanel.getTelephonyDomainBypassCaps());
         registration.setOverridePhoneSufix(
@@ -494,6 +496,14 @@ public void loadAccount(AccountID accountID)
 
         iceConfigPanel.setUseUPNP(isUseUPNP);
 
+        String allowNonSecure =
+            accountProperties.get(ProtocolProviderFactory.IS_ALLOW_NON_SECURE);
+        boolean isAllowNonSecure = Boolean.parseBoolean(
+                (allowNonSecure != null && allowNonSecure.length() != 0)
+                ? allowNonSecure : "false");
+
+        connectionPanel.setAllowNonSecure(isAllowNonSecure);
+
         wizard.getRegistration().setServerOverridden(
             accountID.getAccountPropertyBoolean(
                     ProtocolProviderFactory.IS_SERVER_OVERRIDDEN,

src/net/java/sip/communicator/plugin/jabberaccregwizz/JabberAccountRegistrationWizard.java

@@ -404,6 +404,9 @@ protected ProtocolProviderService installAccount(
         accountProperties.put(ProtocolProviderFactory.IS_USE_UPNP,
                 String.valueOf(registration.isUseUPNP()));
 
+        accountProperties.put(ProtocolProviderFactory.IS_ALLOW_NON_SECURE,
+            String.valueOf(registration.isAllowNonSecure()));
+
         if (isModification())
         {
             providerFactory.modifyAccount(  protocolProvider,

src/net/java/sip/communicator/service/protocol/ProtocolProviderFactory.java

@@ -207,7 +207,7 @@ public abstract class ProtocolProviderFactory
      * The name of the property which defines the ID of the client TLS
      * certificate configuration entry.
      */
-    public static final String CLIENT_TLS_CERTIFICATE = 
+    public static final String CLIENT_TLS_CERTIFICATE =
         "CLIENT_TLS_CERTIFICATE";
 
     /**
@@ -359,6 +359,11 @@ public abstract class ProtocolProviderFactory
      */
     public static final String IS_USE_UPNP = "UPNP_ENABLED";
 
+    /**
+     * Indicates if we allow non-TLS connection.
+     */
+    public static final String IS_ALLOW_NON_SECURE = "ALLOW_NON_SECURE";
+
     /**
      * Address used to reach voicemail box, by services able to
      * subscribe for voicemail new messages notifications.

src/net/java/sip/communicator/service/protocol/event/RegistrationStateChangeEvent.java

@@ -92,13 +92,18 @@ public class RegistrationStateChangeEvent extends PropertyChangeEvent
      */
     public static final int REASON_SERVER_NOT_FOUND = 8;
 
+    /**
+     * Indicates that the specified server does not support TLS and the has
+     * required TLS use.
+     */
+    public static final int REASON_TLS_REQUIRED = 9;
+
     /**
      * The reason code returned by the server in order to explain the state
      * transition.
      */
     private final int reasonCode;
 
-
     /**
      * A (non localized) String containing information further explaining the
      * reason code.