Re: jabberd2 encryption HOWTO

2013-11-05 Thread ungifted
On Tue, 05 Nov 2013 10:45:49 +0100 Tomasz Sterna wrote:

> On Mon, 2013-11-04 at 14:41 -0800, Peter Saint-Andre wrote:
> > Would someone in the jabberd2 community consider writing a brief howto
> > about configuring jabberd2 so that it allows only encrypted
> > connections?
> 
> Our separate documentation tends to rot, so the only authoritative (and
> actively maintained) source is the comments in the configuration files
> themselves. :-)
> 
> https://github.com/jabberd2/jabberd2/blob/master/etc/s2s.xml.dist.in#L300
> 

imho + check
https://github.com/jabberd2/jabberd2/blob/master/etc/s2s.xml.dist.in#L122




Re: jabberd2 encryption HOWTO

2013-11-05 Thread Tomasz Sterna
On Mon, 2013-11-04 at 14:41 -0800, Peter Saint-Andre wrote:
> Would someone in the jabberd2 community consider writing a brief howto
> about configuring jabberd2 so that it allows only encrypted
> connections?

Our separate documentation tends to rot, so the only authoritative (and
actively maintained) source is the comments in the configuration files
themselves. :-)

https://github.com/jabberd2/jabberd2/blob/master/etc/s2s.xml.dist.in#L300


-- 
Tomasz Sterna @ http://abadcafe.pl/ @ http://www.xiaoka.com/





Re: jabberd2 encryption HOWTO

2013-11-04 Thread Peter Saint-Andre
On 11/4/13 3:18 PM, Sergio Durigan Junior wrote:
> On Monday, November 04 2013, Justin T. Pryzby wrote:
> 
>> If you mean in C2S: .
>> 
>> You can also set 5223, which will naturally 
>> reject anything that's not valid SSL (different from
>> xmpp+starttls).
> 
> Also, if you want to allow *only* encrypted connections between 
> server-to-server, you will want to look at your s2s.xml, and
> uncomment :
> 
>   
> 
> Don't forget to uncomment the ... tags as well.

Thanks. I've passed this along to my colleague at the IETF.

Peter

-- 
Peter Saint-Andre
https://stpeter.im/






Re: jabberd2 encryption HOWTO

2013-11-04 Thread Sergio Durigan Junior
On Monday, November 04 2013, Justin T. Pryzby wrote:

> If you mean in C2S: .
>
> You can also set 5223, which will naturally
> reject anything that's not valid SSL (different from xmpp+starttls).

Also, if you want to allow *only* encrypted connections between
server-to-server, you will want to look at your s2s.xml, and uncomment
:

  



Don't forget to uncomment the ... tags as well.

-- 
Sergio
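
Added example (not from the thread or the jabberd2 project): after changing the settings discussed above, an operator can confirm the effect by classifying the `<stream:features/>` the server sends on the cleartext stream (c2s port 5222 or the s2s port), following RFC 6120 section 5.3.1. The feature XML below is constructed sample input and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

NS_STREAM = "http://etherx.jabber.org/streams"
NS_TLS = "urn:ietf:params:xml:ns:xmpp-tls"
NS_SASL = "urn:ietf:params:xml:ns:xmpp-sasl"

def starttls_policy(features_xml):
    """Return 'required', 'optional' or 'absent' for one <stream:features/>."""
    root = ET.fromstring(features_xml)
    if root.tag != "{%s}features" % NS_STREAM:
        raise ValueError("expected a stream:features element")
    starttls = root.find("{%s}starttls" % NS_TLS)
    if starttls is None:
        return "absent"
    if starttls.find("{%s}required" % NS_TLS) is not None:
        return "required"
    # RFC 6120 section 5.3.1: STARTTLS advertised alone is mandatory-to-negotiate.
    return "required" if len(root) == 1 else "optional"

def auth_before_tls(features_xml):
    """True if SASL mechanisms are offered on the same (pre-TLS) feature list."""
    root = ET.fromstring(features_xml)
    return root.find("{%s}mechanisms" % NS_SASL) is not None

# Constructed samples of what a peer might see on the cleartext stream.
_HEAD = "<stream:features xmlns:stream='%s'>" % NS_STREAM
_TAIL = "</stream:features>"
_TLS = "<starttls xmlns='%s'/>" % NS_TLS
_TLS_REQ = "<starttls xmlns='%s'><required/></starttls>" % NS_TLS
_SASL = "<mechanisms xmlns='%s'><mechanism>PLAIN</mechanism></mechanisms>" % NS_SASL
SAMPLES = {
    "enforced": _HEAD + _TLS_REQ + _TAIL,
    "only_feature": _HEAD + _TLS + _TAIL,
    "opportunistic": _HEAD + _TLS + _SASL + _TAIL,
    "no_tls": _HEAD + _SASL + _TAIL,
}

def audit(samples):
    """Map each sample name to (STARTTLS policy, auth offered before TLS)."""
    return {name: (starttls_policy(x), auth_before_tls(x))
            for name, x in samples.items()}

if __name__ == "__main__":
    for name, result in audit(SAMPLES).items():
        print(name, result)
```

A result of "optional" or "absent" on the cleartext port means the server still accepts unencrypted streams there; a direct-TLS port such as 5223 never sends features before the handshake, so this check does not apply to it.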




Re: jabberd2 encryption HOWTO

2013-11-04 Thread Peter Saint-Andre
On 11/4/13 3:08 PM, Justin T Pryzby wrote:
> On Mon, Nov 04, 2013 at 02:41:16PM -0800, Peter Saint-Andre wrote:
>> Would someone in the jabberd2 community consider writing a brief
>> howto about configuring jabberd2 so that it allows only encrypted
>> connections? Someone at the IETF meeting asked me about it just
>> now and I didn't have any pointers for him.
> If you mean in C2S: .
> 
> You can also set 5223, which will naturally 
> reject anything that's not valid SSL (different from
> xmpp+starttls).

Yes, I'm aware of the difference between SSL/TLS 5223 and STARTTLS on
5222, since I authored the XMPP RFCs. ;-)

I am specifically interested in s2s, consistent with the encryption
manifesto:

https://github.com/stpeter/manifesto

Thanks!

Peter

-- 
Peter Saint-Andre
https://stpeter.im/






Re: jabberd2 encryption HOWTO

2013-11-04 Thread Justin T Pryzby
On Mon, Nov 04, 2013 at 02:41:16PM -0800, Peter Saint-Andre wrote:
> Would someone in the jabberd2 community consider writing a brief howto
> about configuring jabberd2 so that it allows only encrypted
> connections? Someone at the IETF meeting asked me about it just now
> and I didn't have any pointers for him.
If you mean in C2S: .

You can also set 5223, which will naturally
reject anything that's not valid SSL (different from xmpp+starttls).

Justin




jabberd2 encryption HOWTO

2013-11-04 Thread Peter Saint-Andre
Would someone in the jabberd2 community consider writing a brief howto
about configuring jabberd2 so that it allows only encrypted
connections? Someone at the IETF meeting asked me about it just now
and I didn't have any pointers for him.

Thanks!

Peter

-- 
Peter Saint-Andre
https://stpeter.im/

