-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 9/6/13 10:40 AM, Peter Saint-Andre wrote: > On 8/28/13 10:14 AM, Simon Tennant wrote: >> I'm attempting to gather the details in one place on how to >> secure XMPP servers C2S and S2S traffic: > >> http://wiki.xmpp.org/web/Securing_XMPP > > Thanks. > > As you've seen from the news over the last 24 hours, things are > even worse than we thought. > > Among other things, forcing the use of SSL/TLS is not enough. We > need to be careful about what ciphersuites we allow. Some of the > older, weaker ciphersuites need to be disabled (e.g., RC4 / MD5). > We need to start preferring ciphersuites that enable perfect > forward secrecy (PFS).
To be clear, those are suites with EDH/DHE/ECDH in the name. It would be interesting to see how widely those are supported in current XMPP software. Peter - -- Peter Saint-Andre https://stpeter.im/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.19 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJSKhk7AAoJEOoGpJErxa2pY0QQAK4/slD+6F1Ap4ftz2iJ9vX2 ulbRYrkJYiMURNq77ruX2XUNelgmxT75nYX5gwsQ1D3VCy8BP/81s0NdtF/icdzP gvuFJEaCHxGpqnTCdPGajqPXiw6L0CLU934esTEAX71V1xNoEueVtjjroGWvaBmL kVBg+hVxELwqXGWHgr8s5HBZk8akSydCnz8wRFHgObYiE3TLTdEHqpzaDsM9UTpu 9zavsE4ZvZRIwQ8cM1jQdzYjxV821Iilye3wE/Xhpjpy/xvVWhBbiyzFMdOXMSge jIDkJ2F6T0FugWYJqtDj+F/pGSYVkrkgvHypzfWBkRTjwM8kx97ZEGNi8hON1kUS VVhy5eBEoRleuBkuO/iAJBbgQI9lkbaGvXix7+EBC+1+YLiw2GSnzq/r9Yg8WqH6 4XXV4wZCIsLibqdSaBsswVh3yWTVoordVfQAoSBrXjscc79FrunJa+0UUvtGKebp jTRRjGk8u+uGXBiLGDiY1RInFAd6izliaiKri3SxFfDATqsMtm/0xdK5GlvYdP3J OkUXdDbjurPcqvQqK4esaVzb7hWvTGtnU3fcEj2xvCRmAG0XYxZAsZ3Vm3r3O/7v XkQNnILp8tH1FbP+nv48BERiAa7A8CZJXCZhnQFae6AHaH4UjCt6lqth2iDMTSFh PkNHpT9lo8dQy0dgXwZa =sDru -----END PGP SIGNATURE----- _______________________________________________ JDev mailing list Info: http://mail.jabber.org/mailman/listinfo/jdev Unsubscribe: jdev-unsubscr...@jabber.org _______________________________________________
