-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11/4/13 3:18 PM, Sergio Durigan Junior wrote:
> On Monday, November 04 2013, Justin T. Pryzby wrote:
> 
>> If you mean in C2S: <id require-starttls='1'>.
>> 
>> You can also set <ssl-port>5223</ssl-port>, which will naturally 
>> reject anything that's not valid SSL (different from
>> xmpp+starttls).
> 
> Also, if you want to allow *only* encrypted connections between 
> server-to-server, you will want to look at your s2s.xml, and
> uncomment <require_tls/>:
> 
> <security> <!-- Require TLS secured S2S connections --> <!-- 
> <require_tls/> -->
> 
> Don't forget to uncomment the <pemfile>...<pemfile/> tags as well.

Thanks. I've passed this along to my colleague at the IETF.

Peter

- -- 
Peter Saint-Andre
https://stpeter.im/


-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJSeCwPAAoJEOoGpJErxa2pJYEQAKjof4xlP136jB8NVN5FGPMu
F3Kbc8GHvKHM7JoDsxms3sYWWf7YyI+yxbCMpcrOPF8PmU6axjvaAKuGr36/YdDG
xhs9HGsfEDtY7LjE06Hm8ahgi7UX1lI10FpsQmEC6Ofs49gTDLHrA6W5vZfkAMi/
ifohe/mcj8yJeZkzn5T2yKjAWO4FG1KUSV049EycYIf29PXEzYGOkEa0zd5AX41U
uVddo5VKxR8DeQctnwaFkuqigobHmS+GsI+UpitQiekbkVwjakdfbXQbkngbABtB
p5OP8Xof31ytaBOSnDMdy8hsQMiWMqbyxmvsvAQZksoMfaO4dOx4WHksD+b+ROvp
X8yLtczJZWiyPhVZd0gzgJRFizIYiwSwiMlEJxAHOup3FUGDNaeuGobpuuYZ0ICM
AerH3dZjA9cDKZocOCqt6Dv3tXCmkQYtbLUK0WTtN9afuJAW+xwAcsrbIyn1US9J
LfMj/SMf08YEbo7OWOdjg5j1fNxMfbDbmdKQ/IRSzIPrHhjtGIZcPFUWKWybDaHl
yIuU8TMH4L8YNmi+7I0idTwcbV9OP8VjHczgC7Naz6KZW7vc76iixCw37QWm87aq
e0q2l+kzbfLus1NxYnKXLuULwzMgjUKTikJ+wIwIHyENFVJxYe6qQOddx0wrS5oq
AMIJGZOfoo5Uxnu0HWpF
=RyMH
-----END PGP SIGNATURE-----


Reply via email to