Hi, FYI, I discovered a (IMHO critical) bug in ejabberd that allows clients to connect with an unencrypted connection even if starttls_required is set. Clients should normally not do that anyway, but currently (at least some versions of) Miranda do. The bug affects all versions of ejabberd but is fixed in master[1] (thanks for the quick fix!).
To stop the bug from affecting you, disable compression ('zlib' in
c2s configuration) and find affected users with:

    ejabberdctl connected_users_info | grep 'c2s_compressed\s'

You may kick affected user sessions and they should be able to reconnect
with encryption and without compression.
For those of you using my packages: Updates will be available shortly.
greetings, Mati
[1] https://github.com/processone/ejabberd/commit/7bdc1151b
--
I only read plain text mail! I prefer pgp|gpg signed & encrypted mails!
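
The session check described in the mail, as an added example that is not part of the original message or of ejabberd: a field-exact filter that avoids the GNU-only `\s` in grep and splits each affected JID into user, host and resource. It assumes `connected_users_info` prints one tab-separated line per session with the full JID first and the connection type second; the function names and sample lines are constructed.

```shell
#!/bin/sh
# Find sessions that negotiated zlib compression without TLS, i.e. whose
# connection type is exactly "c2s_compressed" (not "c2s_compressed_tls").
# Assumption: tab-separated output, JID in field 1, connection type in field 2.

# Constructed sample of connected_users_info output (not from a real server).
sample_output() {
    printf '%s\t%s\t%s\t%s\t%s\t%s\t%s\n' \
        'alice@example.org/laptop' 'c2s_tls' '192.0.2.10' '50211' '5' 'ejabberd@localhost' '3600' \
        'bob@example.org/Miranda IM' 'c2s_compressed' '192.0.2.11' '50212' '0' 'ejabberd@localhost' '120' \
        'carol@example.org/desk' 'c2s_compressed_tls' '192.0.2.12' '50213' '1' 'ejabberd@localhost' '900' \
        'dave@example.org/phone' 'c2s_compressed' '192.0.2.13' '50214' '0' 'ejabberd@localhost' '45'
}

# Reads connected_users_info output on stdin and prints one line per
# affected session as: user <TAB> host <TAB> resource
find_unencrypted_compressed() {
    awk -F'\t' '$2 == "c2s_compressed" {
        jid = $1
        at = index(jid, "@")              # user part ends at the first "@"
        user = substr(jid, 1, at - 1)
        rest = substr(jid, at + 1)
        slash = index(rest, "/")          # resource starts after the first "/"
        if (slash) {
            host = substr(rest, 1, slash - 1)
            res = substr(rest, slash + 1) # may contain spaces, "/" or "@"
        } else {
            host = rest
            res = ""
        }
        printf "%s\t%s\t%s\n", user, host, res
    }'
}

# Stand-alone run on the constructed sample. On a server, use instead:
#   ejabberdctl connected_users_info | find_unencrypted_compressed
sample_output | find_unencrypted_compressed
```

The three output fields identify exactly the sessions to kick; an empty result means no client is currently connected with compression but without TLS.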
