Re: jabberd2 encryption HOWTO
On 2013-11-04 (Mon) at 14:41 -0800, Peter Saint-Andre wrote:
> Would someone in the jabberd2 community consider writing a brief howto
> about configuring jabberd2 so that it allows only encrypted connections?

Our separate documentation tends to rot, so the only authoritative (and
actively maintained) source is the comments in the configuration files
themselves. :-)

https://github.com/jabberd2/jabberd2/blob/master/etc/s2s.xml.dist.in#L300

--
Tomasz Sterna @ http://abadcafe.pl/ @ http://www.xiaoka.com/
Re: jabberd2 encryption HOWTO
On Tue, 05 Nov 2013 10:45:49 +0100 Tomasz Sterna wrote:
> On 2013-11-04 (Mon) at 14:41 -0800, Peter Saint-Andre wrote:
>> Would someone in the jabberd2 community consider writing a brief howto
>> about configuring jabberd2 so that it allows only encrypted connections?
>
> Our separate documentation tends to rot, so the only authoritative (and
> actively maintained) source is the comments in the configuration files
> themselves. :-)
>
> https://github.com/jabberd2/jabberd2/blob/master/etc/s2s.xml.dist.in#L300

imho + check
https://github.com/jabberd2/jabberd2/blob/master/etc/s2s.xml.dist.in#L122
Re: jabberd2 encryption HOWTO
On Mon, Nov 04, 2013 at 02:41:16PM -0800, Peter Saint-Andre wrote:
> Would someone in the jabberd2 community consider writing a brief howto
> about configuring jabberd2 so that it allows only encrypted connections?
> Someone at the IETF meeting asked me about it just now and I didn't have
> any pointers for him.

If you mean in C2S: <id require-starttls='1'>.

You can also set <ssl-port>5223</ssl-port>, which will naturally reject
anything that's not valid SSL (different from xmpp+starttls).

Justin
Re: jabberd2 encryption HOWTO
On Monday, November 04 2013, Justin T. Pryzby wrote:
> If you mean in C2S: <id require-starttls='1'>.
>
> You can also set <ssl-port>5223</ssl-port>, which will naturally reject
> anything that's not valid SSL (different from xmpp+starttls).

Also, if you want to allow *only* encrypted connections between
server-to-server, you will want to look at your s2s.xml, and uncomment
<require_tls/>:

    <security>
      <!-- Require TLS secured S2S connections -->
      <!-- <require_tls/> -->

Don't forget to uncomment the <pemfile>...</pemfile> tags as well.

--
Sergio
Re: jabberd2 encryption HOWTO
On 11/4/13 3:18 PM, Sergio Durigan Junior wrote:
> On Monday, November 04 2013, Justin T. Pryzby wrote:
>> If you mean in C2S: <id require-starttls='1'>.
>>
>> You can also set <ssl-port>5223</ssl-port>, which will naturally reject
>> anything that's not valid SSL (different from xmpp+starttls).
>
> Also, if you want to allow *only* encrypted connections between
> server-to-server, you will want to look at your s2s.xml, and uncomment
> <require_tls/>:
>
>     <security>
>       <!-- Require TLS secured S2S connections -->
>       <!-- <require_tls/> -->
>
> Don't forget to uncomment the <pemfile>...</pemfile> tags as well.

Thanks. I've passed this along to my colleague at the IETF.

Peter

--
Peter Saint-Andre
https://stpeter.im/
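The settings named in this thread can be checked mechanically. The audit below is an added example, not part of the thread or of jabberd2 itself. The sample configs are constructed, element placement is assumed, and it assumes that the presence of the `require-starttls` attribute is what enforces STARTTLS.

```python
import xml.etree.ElementTree as ET

# Constructed samples, not real jabberd2 files; element placement is assumed.
C2S_SAMPLE = """<c2s><local>
  <id require-starttls='1'>example.org</id>
  <id>legacy.example.org</id>
  <ssl-port>5223</ssl-port>
</local></c2s>"""

S2S_SAMPLE = """<s2s>
  <local><!-- <pemfile>/etc/jabberd/server.pem</pemfile> --></local>
  <security>
    <!-- Require TLS secured S2S connections -->
    <!-- <require_tls/> -->
  </security>
</s2s>"""

S2S_FIXED = """<s2s>
  <local><pemfile>/etc/jabberd/server.pem</pemfile></local>
  <security><require_tls/></security>
</s2s>"""

def audit_c2s(xml_text):
    """List every <id> host that would still accept unencrypted clients."""
    findings = []
    for host in ET.fromstring(xml_text).iter("id"):
        # Assumption: attribute presence is what turns enforcement on.
        if "require-starttls" not in host.attrib:
            name = (host.text or "").strip()
            findings.append(f"c2s: <id>{name}</id> lacks require-starttls")
    return findings

def audit_s2s(xml_text):
    """Check that require_tls and pemfile are active, not commented out."""
    # The default parser discards comments, so a setting that is still
    # wrapped in <!-- --> is simply absent from the parsed tree.
    root = ET.fromstring(xml_text)
    findings = []
    if root.find(".//security/require_tls") is None:
        findings.append("s2s: <require_tls/> is missing or still commented out")
    pem = root.find(".//pemfile")
    if pem is None or not (pem.text or "").strip():
        findings.append("s2s: no <pemfile> configured")
    return findings

if __name__ == "__main__":
    for line in audit_c2s(C2S_SAMPLE) + audit_s2s(S2S_SAMPLE):
        print(line)
```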