

ejabberd TLS settings: recommended vs compatibility

For many years, security was not a primary concern in many internet standards. In recent years, security and privacy have become a central focus of users and system administrators. Here is a brief guide on setting up secure ejabberd TLS connections and keeping them private.

The ProcessOne team holds that security is one of the primary factors, so we recommend strong settings. We also provide compatibility settings, for reference only, for those who want and need to retain support for insecure, legacy clients and servers and who understand that these settings may jeopardize security and privacy.

ejabberd has a number of options that control security:

certfiles: List of full paths to files containing SSL certificates (available since ejabberd 17.11).
ciphers: OpenSSL ciphers list in the same format accepted by the ‘openssl ciphers’ command.
protocol_options: List of supported SSL protocols.
dhfile: Full path to a file containing custom parameters for Diffie-Hellman key exchange.
starttls: This option specifies that STARTTLS encryption is available on connections to the port.
starttls_required: This option specifies that STARTTLS encryption is required on connections to the port.
tls: This option specifies that traffic on the port will be encrypted using SSL immediately after connecting. This method is nowadays deprecated and not recommended.
tls_compression: Whether to enable or disable ejabberd TLS compression.
s2s_use_starttls: This option defines if s2s connections are encrypted.
s2s_dhfile: Full path to a file containing custom DH parameters.
s2s_protocol_options: List of supported SSL protocols.

This config disables protocols from SSLv2 up to TLSv1.1 and allows only the “modern” (as of 2016) protocol TLSv1.2 and related ciphers.
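
The options described on this page, combined into an ejabberd.yml fragment that accepts only TLSv1.2. This is an added example, not ProcessOne's original configuration; the file paths, port number and cipher string are assumptions to replace with your own, and the comments mark where a compatibility setup would be weaker.

```yaml
# Added example (not ProcessOne's original file).
# Paths, port and cipher string below are placeholders/assumptions.
certfiles:
  - "/etc/ejabberd/certs/example.org.pem"   # placeholder path

listen:
  -
    port: 5222                  # assumed client-to-server port
    module: ejabberd_c2s
    # Strong: clients must negotiate STARTTLS before authenticating.
    # Weaker alternative: "starttls: true" only offers encryption.
    starttls_required: true
    # "tls: true" (TLS immediately on connect) is the deprecated method
    # and is intentionally not set here.
    tls_compression: false
    protocol_options:
      - "no_sslv2"
      - "no_sslv3"
      - "no_tlsv1"              # compatibility setups drop this line...
      - "no_tlsv1_1"            # ...and this one, re-enabling TLSv1.0/1.1
    # OpenSSL cipher list format; TLSv1.2 AEAD suites only (assumed choice).
    ciphers: "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384"
    # Custom DH parameters, e.g. from: openssl dhparam -out dhparams.pem 2048
    dhfile: "/etc/ejabberd/dhparams.pem"    # placeholder path

# Server-to-server connections get the same treatment.
# "required" refuses unencrypted s2s links; "optional" would allow them.
s2s_use_starttls: required
s2s_protocol_options:
  - "no_sslv2"
  - "no_sslv3"
  - "no_tlsv1"
  - "no_tlsv1_1"
s2s_dhfile: "/etc/ejabberd/dhparams.pem"    # placeholder path
```

After reloading, `openssl s_client -connect HOST:5222 -starttls xmpp -tls1_1` should fail to complete a handshake, while the same command with `-tls1_2` should succeed.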
