HDA IM

XMPP server with full Forward secrecy


I have actually been running two Jabber servers since 02-09-2017. Both have two virtual hosts, one for hda.me and another for www.hda.me. The virtual hosts share the same database.
This means all contacts you add on hda.me or www.hda.me will be shared between the servers, and you can log in using the same user credentials.

The first virtual host uses an ECDSA certificate and supports only strong ECC ciphers with forward secrecy (FS). The second virtual host uses a 4096-bit dhparam; FS and strong ciphers are still preferred, but this server can also communicate without FS, using strong enough ciphers, which makes the second server s2s (server-to-server) compatible with 90%+ of XMPP servers on the internet. Overall: I recommend using the first virtual host, but if you have problems communicating with a third-party XMPP server, you can use the second virtual host.

Note: Really old clients (there is no SSLv3 or SSLv2 support on either server) or some Java clients (old Java is incompatible with DH parameters larger than 1024 bits) may not work with the HDA XMPP server.

Technical information

hda.me

| Cipher suites | Bitsize | Forward secrecy | Curve/dhparam size |
|---|---|---|---|
| ECDHE-RSA-AES256-GCM-SHA384 | 256 | Yes | curve: secp521r1 |
| ECDHE-RSA-AES256-SHA384 | 256 | Yes | curve: secp521r1 |
| ECDHE-ECDSA-CHACHA20-POLY1305 | 256 | Yes | curve: secp521r1 |
| ECDHE-RSA-CHACHA20-POLY1305 | 256 | Yes | curve: secp521r1 |
| ECDHE-ECDSA-AES256-SHA384 | 256 | Yes | curve: secp521r1 |
| ECDHE-RSA-AES256-SHA384 | 256 | Yes | curve: secp521r1 |
| ECDHE-ECDSA-AES128-GCM-SHA256 | 128 | Yes | curve: secp521r1 |
| ECDHE-RSA-AES128-GCM-SHA256 | 128 | Yes | curve: secp521r1 |

Protocols supported: TLSv1.1 TLSv1.2

www.hda.me

| Cipher suites | Bitsize | Forward secrecy | Curve/dhparam size |
|---|---|---|---|
| ECDHE-RSA-AES256-GCM-SHA384 | 256 | Yes | curve: secp521r1 |
| ECDHE-RSA-AES256-SHA384 | 256 | Yes | curve: secp521r1 |
| ECDHE-ECDSA-CHACHA20-POLY1305 | 256 | Yes | curve: secp521r1 |
| ECDHE-RSA-CHACHA20-POLY1305 | 256 | Yes | curve: secp521r1 |
| ECDHE-ECDSA-AES256-SHA384 | 256 | Yes | curve: secp521r1 |
| ECDHE-RSA-AES256-SHA384 | 256 | Yes | curve: secp521r1 |
| DHE-RSA-AES256-GCM-SHA384 | 256 | Yes | dhparam 4096 |
| DHE-RSA-AES256-SHA256 | 256 | Yes | dhparam 4096 |
| ECDHE-ECDSA-AES128-GCM-SHA256 | 128 | Yes | curve: secp521r1 |
| ECDHE-RSA-AES128-GCM-SHA256 | 128 | Yes | curve: secp521r1 |
| ECDHE-ECDSA-AES128-SHA256 | 128 | Yes | curve: secp521r1 |
| ECDHE-RSA-AES128-SHA256 | 128 | Yes | curve: secp521r1 |
| DHE-RSA-AES128-GCM-SHA256 | 128 | Yes | dhparam 4096 |
| DHE-RSA-AES128-SHA256 | 128 | Yes | dhparam 4096 |
| ECDHE-RSA-AES256-SHA | 256 | Yes | curve: secp521r1 |
| ECDHE-RSA-AES128-SHA | 128 | Yes | curve: secp521r1 |
| DHE-RSA-AES256-SHA | 256 | Yes | dhparam 4096 |
| DHE-RSA-AES128-SHA | 256 | Yes | dhparam 4096 |
| AES256-GCM-SHA384 | 256 | No | - |
| AES128-GCM-SHA256 | 128 | No | - |
| AES256-SHA | 256 | No | - |
| AES128-SHA | 128 | No | - |

Protocols supported: TLSv1 TLSv1.1 TLSv1.2

IM Observatory hda.me report
IM Observatory www.hda.me report

IM Observatory and most clients do not support CHACHA20-POLY1305 yet!
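The difference between the two virtual hosts can be checked mechanically from the suite names in the tables above. The following is an added example, not the server's own configuration or tooling: it assumes the OpenSSL naming convention for TLS 1.0-1.2 suites (no `ECDHE`/`DHE` prefix means static RSA key exchange), and the function names `classify` and `audit` are hypothetical.

```python
# Added example: audit the two suite lists from the tables above for forward secrecy.
# Names are copied from the page; duplicates dropped, preference order not preserved.
HDA_ME = """
ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-ECDSA-CHACHA20-POLY1305
ECDHE-RSA-CHACHA20-POLY1305 ECDHE-ECDSA-AES256-SHA384
ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256
""".split()
WWW_HDA_ME = HDA_ME + """
DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA256 ECDHE-ECDSA-AES128-SHA256
ECDHE-RSA-AES128-SHA256 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-SHA256
ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA
AES256-GCM-SHA384 AES128-GCM-SHA256 AES256-SHA AES128-SHA
""".split()


def classify(name):
    """Derive key exchange, authentication and MAC/AEAD type from a suite name."""
    parts = name.split("-")
    if parts[0] in ("ECDHE", "DHE"):
        kx, auth, rest = parts[0], parts[1], parts[2:]
    else:
        # No key-exchange prefix means static RSA key transport: a later
        # compromise of the server key decrypts recorded sessions.
        kx, auth, rest = "RSA", "RSA", parts
    return {
        "name": name, "kx": kx, "auth": auth,
        "fs": kx in ("ECDHE", "DHE"),            # ephemeral key exchange
        "aead": "GCM" in rest or "POLY1305" in rest,
        "sha1_mac": rest[-1] == "SHA",           # bare SHA = HMAC-SHA1 with CBC
    }


def audit(suites):
    """Summarise a suite list: what weakens a forward-secrecy-only policy."""
    info = [classify(s) for s in suites]
    return {
        "total": len(info),
        "non_fs": [i["name"] for i in info if not i["fs"]],
        "sha1_mac": [i["name"] for i in info if i["sha1_mac"]],
        "needs_ecdsa_cert": [i["name"] for i in info if i["auth"] == "ECDSA"],
        "uses_dhparam": [i["name"] for i in info if i["kx"] == "DHE"],
    }


if __name__ == "__main__":
    for host, suites in (("hda.me", HDA_ME), ("www.hda.me", WWW_HDA_ME)):
        report = audit(suites)
        print(host, {k: (v if k == "total" else len(v)) for k, v in report.items()})
        print("  without forward secrecy:", report["non_fs"] or "none")
```

Run against the lists above, only www.hda.me reports suites without forward secrecy, and those are exactly the four static-RSA rows marked "No" in its table.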

How to connect to HDA IM?

In case you are new to Jabber, I decided to create a short guide. I'll use Pidgin as the example client.

  1. Install Pidgin.

    # You can install pidgin with apt in Debian/Ubuntu
    sudo apt-get install pidgin

  2. Open Pidgin.
  3. Click the Accounts menu and then click Manage Accounts.
  4. Click Add.
  5. In the Protocol field, select XMPP.
  6. In the Username field, enter the username you wish to use. For example, edwardshowden.
  7. In the Domain field, enter hda.me
  8. The Resource field can be empty (it's an optional value which "defines" your instance for others, if you have several devices you chat from).
  9. The Password field can be empty (since you are registering an account).
  10. Check Create this new account on the server.
  11. Click Add.
  12. Type a password for your new account (Don't forget your password. I can't restore your account).

If you wish to use www.hda.me too, just do the same, but you can use the username and password you already registered on hda.me.

Also, in the account window you may want to make your account always on. You can set remember my password in the settings too.

Privacy Policy

HDA IM

hda.me and www.hda.me jabber servers and im.hda.me website

Privacy Policy (signed)

If you need extra anonymity, we recommend using Tor when visiting the im.hda.me website or using an XMPP client.

You can use the xmpp.hda.me domain with Tor; that way you will bypass DNS.