-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/4/13 3:18 PM, Sergio Durigan Junior wrote: > On Monday, November 04 2013, Justin T. Pryzby wrote: > >> If you mean in C2S: <id require-starttls='1'>. >> >> You can also set <ssl-port>5223</ssl-port>, which will naturally >> reject anything that's not valid SSL (different from >> xmpp+starttls). > > Also, if you want to allow *only* encrypted connections between > server-to-server, you will want to look at your s2s.xml, and > uncomment <require_tls/>: > > <security> <!-- Require TLS secured S2S connections --> <!-- > <require_tls/> --> > > Don't forget to uncomment the <pemfile>...<pemfile/> tags as well.
Thanks. I've passed this along to my colleague at the IETF. Peter - -- Peter Saint-Andre https://stpeter.im/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.19 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJSeCwPAAoJEOoGpJErxa2pJYEQAKjof4xlP136jB8NVN5FGPMu F3Kbc8GHvKHM7JoDsxms3sYWWf7YyI+yxbCMpcrOPF8PmU6axjvaAKuGr36/YdDG xhs9HGsfEDtY7LjE06Hm8ahgi7UX1lI10FpsQmEC6Ofs49gTDLHrA6W5vZfkAMi/ ifohe/mcj8yJeZkzn5T2yKjAWO4FG1KUSV049EycYIf29PXEzYGOkEa0zd5AX41U uVddo5VKxR8DeQctnwaFkuqigobHmS+GsI+UpitQiekbkVwjakdfbXQbkngbABtB p5OP8Xof31ytaBOSnDMdy8hsQMiWMqbyxmvsvAQZksoMfaO4dOx4WHksD+b+ROvp X8yLtczJZWiyPhVZd0gzgJRFizIYiwSwiMlEJxAHOup3FUGDNaeuGobpuuYZ0ICM AerH3dZjA9cDKZocOCqt6Dv3tXCmkQYtbLUK0WTtN9afuJAW+xwAcsrbIyn1US9J LfMj/SMf08YEbo7OWOdjg5j1fNxMfbDbmdKQ/IRSzIPrHhjtGIZcPFUWKWybDaHl yIuU8TMH4L8YNmi+7I0idTwcbV9OP8VjHczgC7Naz6KZW7vc76iixCw37QWm87aq e0q2l+kzbfLus1NxYnKXLuULwzMgjUKTikJ+wIwIHyENFVJxYe6qQOddx0wrS5oq AMIJGZOfoo5Uxnu0HWpF =RyMH -----END PGP SIGNATURE-----