The trashserver.net XMPP server runs the latest release of Prosody 0.10 (stable).
- 0368: XMPP over TLS (enables cloaked connections e.g. in hotel WLANs)
- 0163: PEP (Avatars)
- 0191: Blocking
- 0198: Stream Management
- 0237: Roster Versioning
- 0280: Message Carbons
- 0352: CSI
- 0363: HTTP File Upload
- 0313: Message Archive Management (MAM)
- 0357: Push Notifications
… and many more.
Compatibility / Compliance
Encryption and security
- Clients can only establish encrypted connections. Unencrypted communication is not possible.
- External XMPP servers can only communicate with trashserver.net via secure connections. Unencrypted or otherwise insecure connections are not possible. This includes server-to-server connections with:
  - Expired certificates
  - Incorrectly configured TLS
  - Certificates from non-recognized CAs
Self-signed certificates are not accepted for practical reasons, because the server must be able to determine the validity of foreign certificates immediately (!) and independently (!).
The CAcert root certificate was imported specifically for the jabber.ccc.de server. Exceptions for self-signed certificates are not made.
See also: More security through serious XMPP encryption [German]
List of servers to which no secure connection can be established: (Continuously updated list) https://xmpp.trashserver.net/insecure-servers
Passwords are hashed and stored in the database. By default, the authentication method SCRAM-SHA-1 is used. Clients that do not support this procedure can log on in plain text (but only via an encrypted connection!).
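The following is an added example, not trashserver.net's or Prosody's own code: it shows what a SCRAM-SHA-1 server stores in place of the password, how it checks a client proof against that record, and why a plain-text login can still be verified against the same hashed record. The function names are hypothetical, the sample exchange is the published test vector from RFC 5802 section 5, and SASLprep normalization of the password is omitted.

```python
import base64, hashlib, hmac

def _hmac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha1).digest()

def make_record(password: str, salt: bytes, iterations: int) -> dict:
    """Per-user record kept by the server; the password itself is not in it."""
    salted = hashlib.pbkdf2_hmac("sha1", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations,
            "stored_key": hashlib.sha1(_hmac(salted, b"Client Key")).digest(),
            "server_key": _hmac(salted, b"Server Key")}

def client_proof(password: str, salt: bytes, iterations: int, auth_message: bytes) -> bytes:
    """Client side: ClientProof = ClientKey XOR HMAC(StoredKey, AuthMessage)."""
    salted = hashlib.pbkdf2_hmac("sha1", password.encode(), salt, iterations)
    client_key = _hmac(salted, b"Client Key")
    signature = _hmac(hashlib.sha1(client_key).digest(), auth_message)
    return bytes(a ^ b for a, b in zip(client_key, signature))

def verify_scram(record: dict, auth_message: bytes, proof: bytes) -> bool:
    """Server side: recover ClientKey from the proof and compare its hash."""
    signature = _hmac(record["stored_key"], auth_message)
    client_key = bytes(a ^ b for a, b in zip(proof, signature))
    return hmac.compare_digest(hashlib.sha1(client_key).digest(), record["stored_key"])

def server_signature(record: dict, auth_message: bytes) -> bytes:
    """Sent back so the client can check the server also knows the record."""
    return _hmac(record["server_key"], auth_message)

def verify_plain(record: dict, password: str) -> bool:
    """Plain-text fallback: re-derive the record from the submitted password."""
    candidate = make_record(password, record["salt"], record["iterations"])
    return hmac.compare_digest(candidate["stored_key"], record["stored_key"])

# Test exchange from RFC 5802 section 5 (user "user", password "pencil").
SALT = base64.b64decode("QSXCR+Q6sek8bf92")
AUTH_MESSAGE = (b"n=user,r=fyko+d2lbbFgONRv9qkxdawL,"
                b"r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=4096,"
                b"c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j")
RECORD = make_record("pencil", SALT, 4096)

if __name__ == "__main__":
    proof = client_proof("pencil", SALT, 4096, AUTH_MESSAGE)
    print("proof:", base64.b64encode(proof).decode())
    print("SCRAM accepted:", verify_scram(RECORD, AUTH_MESSAGE, proof))
    print("PLAIN accepted:", verify_plain(RECORD, "pencil"))
```

With SCRAM the password never crosses the wire, whereas the plain-text fallback hands it to the server on every login, which is why that fallback depends entirely on the encrypted connection.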
The DNS entries for trashserver.net are DNSSEC signed and can be verified.
The outdated encryption protocols SSLv2, SSLv3 and TLSv1 cannot be used to connect to the server.
HTTP-Bind for web clients
Access via Tor Hidden Service
For all Tor fans, I offer a hidden service that allows client-to-server connections to the XMPP server. The address is:
Note: It is not possible (and also not necessary) to offer a valid TLS certificate for the .onion address. Since access via .onion is already sufficiently secured, the check of the offered TLS certificate can be omitted. However, this does not apply to access via Tor using the trashserver.net address (without the .onion address)!
Note: Even when the .onion address is used, the http_upload module works over normal DNS and classic connections to the Internet. A “normal” Internet connection must therefore be possible in parallel for it to function.
- Maximum message backlog for MUCs: 500 messages
- Maximum file size for uploads (http_upload): 50 MB