On 11/4/13 3:18 PM, Sergio Durigan Junior wrote:
On Monday, November 04 2013, Justin T. Pryzby wrote:
If you mean in C2S: <id require-starttls='1'>.
You can also set <ssl-port>5223</ssl-port>, which will naturally
reject anything that's not valid SSL (different from
xmpp+starttls).
Also, if you want to allow *only* encrypted connections between
server-to-server, you will want to look at your s2s.xml, and
uncomment <require_tls/>:
<security>
  <!-- Require TLS secured S2S connections -->
  <!-- <require_tls/> -->
Don't forget to uncomment the <pemfile>...</pemfile> tags as well.
Thanks. I've passed this along to my colleague at the IETF.
Peter
--
Peter Saint-Andre
https://stpeter.im/