The TLS-Exporter Channel Binding plugin adds support for the tls-exporter channel binding to the Openfire real-time communications server.
Channel binding is a security mechanism that cryptographically ties authentication at the application layer to the underlying secure transport (such as TLS). This helps prevent certain types of man-in-the-middle attacks by ensuring that both parties are using the same secure channel. The tls-exporter channel binding type is defined in RFC 9266.
Openfire supports channel binding since version 5.1.0. This plugin specifically adds support for the tls-exporter channel binding type, which is only available in Java 25 and newer.
The functionality provided by this plugin requires Java 25 or later. As Openfire currently requires only Java 17 or later, this feature is provided as a plugin so that administrators running Openfire with Java 25+ can benefit from it. Once Openfire increases its minimum Java version to 25 or later, this plugin will likely be discontinued and its functionality merged into Openfire core.
tlsexportercb.jar file into the plugins directory of your Openfire installation.Issues may be reported to the Ignite Realtime forums or via this repo's GitHub Issues.
Logo icons from Font Awesome Free 7.2.0 by @fontawesome - License - Copyright 2026 Fonticons, Inc.