We have developed a chat application on both the iOS and Android native platforms, and everything works fine with port 5222 (plain text communication). As part of securing the communication between client and server, we have disabled port 5222 and enabled port 5223 in the Client Server port settings. But it fails on the client side while connecting. Below are our libraries for iOS and Android:
iOS: robbiehanson/XMPPFramework
Android: Smack-android
Can somebody suggest the best way to enable secure communication between the mobile app and the server?
As always with security, there is no one-size-fits-all solution here. There are a couple of best practices, that I will describe below, but you will need to investigate how this best fits in your architecture.
XMPP connections typically are encrypted with TLS, which provides some of the security that you are looking for.
Typically, on port 5222, this is provided through the StartTLS mechanism (similar to what can be used with SMTP), while on port 5223, 'direct' TLS is used (akin to HTTPS).
Using TLS requires your server to identify itself with a security certificate that is accepted by your clients. Typically, this involves having your certificate signed by a certificate authority that is recognized by your client (and/or the OS on which the client software runs). For XMPP, your certificate needs to 'cover' a couple of different names, which is usually done through the subject and SAN extensions of the certificate. You likely want it to cover the XMPP domain name, 'sub'domains of that XMPP domain name (a wildcard certificate usually is most convenient), as well as the fully qualified hostname of the server that is running the server software.
A similar TLS setup will also apply to other connectivity to/from your XMPP server, which might involve connections to other XMPP servers, components, databases and directories.
Diving deeper into encryption, you could look at the specific ciphers that are used: some are more secure than others. Generally speaking, the default set that's provided by implementations offers a good balance between security and interoperability, but it might be worth investigating the details, if you are particularly leaning to one side of that balance.
Apart from encrypting the connection, an aspect that closely relates to 'security' is the manner in which authentication takes place. XMPP uses the SASL framework for authentication, which offers a selection of authentication mechanisms. Some mechanisms offer better security properties than others. Depending on the support offered by both your client and server software, you could choose to enable or disable certain mechanisms.
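The certificate naming requirement described in the answer above, as an added example that is not part of the original answer or of any XMPP library: it reports which of the names a client may verify are not covered by a certificate's DNS-type SAN entries. The domain `example.org`, the subdomains, the host `xmpp1.example.org` and the three sample certificates are constructed, and the check assumes only DNS SAN entries are used (it ignores the subject field and other SAN types).

```python
# Input uses the dict layout returned by ssl.SSLSocket.getpeercert().

def dns_sans(peercert):
    """Return the lower-cased DNS entries of the subjectAltName extension."""
    return [value.lower().rstrip(".")
            for kind, value in peercert.get("subjectAltName", ())
            if kind == "DNS"]

def san_matches(pattern, name):
    """Exact match, or a '*' that stands for exactly one left-most label."""
    p_labels, n_labels = pattern.split("."), name.split(".")
    if len(p_labels) != len(n_labels):
        return False          # '*.example.org' never covers 'example.org'
    if p_labels[0] == "*":
        # Require at least two fixed labels so '*.org' is not accepted.
        return len(p_labels) >= 3 and p_labels[1:] == n_labels[1:]
    return p_labels == n_labels

def required_xmpp_names(domain, subdomains, server_fqdn):
    """XMPP domain, its service subdomains, and the server's own hostname."""
    return [domain] + [f"{sub}.{domain}" for sub in subdomains] + [server_fqdn]

def uncovered_names(peercert, required):
    """Names from `required` that no DNS SAN entry of the certificate covers."""
    sans = dns_sans(peercert)
    return [name for name in required
            if not any(san_matches(s, name.lower().rstrip(".")) for s in sans)]

# Constructed sample certificates (only the field this check reads).
HOST_ONLY = {"subjectAltName": (("DNS", "xmpp1.example.org"),)}
WILDCARD_ONLY = {"subjectAltName": (("DNS", "*.example.org"),)}
DOMAIN_AND_WILDCARD = {"subjectAltName": (("DNS", "example.org"),
                                          ("DNS", "*.example.org"))}

REQUIRED = required_xmpp_names("example.org", ["conference", "pubsub"],
                               "xmpp1.example.org")

if __name__ == "__main__":
    for label, cert in (("host only", HOST_ONLY),
                        ("wildcard only", WILDCARD_ONLY),
                        ("domain + wildcard", DOMAIN_AND_WILDCARD)):
        print(f"{label}: not covered -> {uncovered_names(cert, REQUIRED)}")
```

To check a live server, pass the dictionary from `getpeercert()` on a verified TLS connection instead of the constructed samples.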