On Wed, Oct 26, 2016 at 01:08:28PM -0400, Pete Fuller wrote: > Greetings, I am attempting to remove support for the RC4 cipher in TLS > connections to Jabber2d, per results of a recent security audit. I > have done this for our web servers and other encrypted services > already. I am not finding any information as to how to make this > change in jabber2d. I’m using jabberd version 2.4 from the EPEL repo > on Centos7. The only info I could find on the list was someone asking > this question a few years ago and being told it was an experimental > feature. > http://www.mail-archive.com/jabberd2@lists.xiaoka.com/msg02359.html > <http://www.mail-archive.com/jabberd2@lists.xiaoka.com/msg02359.html> > . I’m hoping this feature has been included in the release and I am > just having issues finding that information.
Looking at c2s.xml.dist.in (and s2s.xml.dist.in) for 2.4 I see:
<!-- List of available TLS ciphers -->
<!--
<ciphers>DEFAULT</ciphers>
-->
and
ciphers
List of available TLS ciphers. The format of the string is
described in https://www.openssl.org/docs/apps/ciphers.html
Looks you can just list the needed ciphers in those two files.
Adrian
signature.asc
Description: PGP signature
