2014-05-19 13:19 skrev Kevin Smith:
As mentioned earlier in this thread, this isn't the case, and whether
people trust individual CAs or not is tangential. Today's change is to
require encryption, not to do authentication with the provided certs.
Thanks.
Yeah, I noticed now that there were two separate settings for this in my
prosody config for s2s TLS. They are now configured to the following:
s2s_require_encryption = true
s2s_secure_auth = false
Which I believe is what me and perhaps quite a lot of others who have
not actively participated in the TLS transition might have missed.
I can only assume other software have the same kind of separation of TLS
configuration.
--
Mikael Nordfeldth
http://blog.mmn-o.se/
XMPP/mail: [email protected]
