@jabberati @wolf480pl if the socket only accepts TLS, the attack surface is very much hardened already and trusted that it will Do The Right Thing all the time and sanely handle anyone throwing bad data at it.
If the socket accepts plaintext and has its own parsing of the data before the upgrade to TLS, it gives attackers something much more interesting to work with that probably hasn't been as thoroughly fuzzed. I'm less interested in downgrade attacks, as those are pretty much dead in the water for XMPP as TLS is "required" by the specs, but other attacks on the XMPP server itself.