Re: Cipher suites in Jabberd2, disabling RC4

[Adrian Reber]

On Wed, Oct 26, 2016 at 01:08:28PM -0400, Pete Fuller wrote:
> Greetings, I am attempting to remove support for the RC4 cipher in TLS
> connections to Jabber2d, per results of a recent security audit.  I
> have done this for our web servers and other encrypted services
> already.  I am not finding any information as to how to make this
> change in jabber2d.  I’m using jabberd version 2.4 from the EPEL repo
> on Centos7.  The only info I could find on the list was someone asking
> this question a few years ago and being told it was an experimental
> feature.
> http://www.mail-archive.com/jabberd2@lists.xiaoka.com/msg02359.html
> 
> . I’m hoping this feature has been included in the release and I am
> just having issues finding that information.  

Looking at c2s.xml.dist.in (and s2s.xml.dist.in) for 2.4 I see:




and

 ciphers
 List of available TLS ciphers. The format of the string is
 described in https://www.openssl.org/docs/apps/ciphers.html

Looks you can just list the needed ciphers in those two files.

Adrian


signature.asc
Description: PGP signature

Cipher suites in Jabberd2, disabling RC4

[Pete Fuller]

Greetings,
I am attempting to remove support for the RC4 cipher in TLS connections to 
Jabber2d, per results of a recent security audit.  I have done this for our web 
servers and other encrypted services already.  I am not finding any information 
as to how to make this change in jabber2d.  
I’m using jabberd version 2.4 from the EPEL repo on Centos7.  The only info I 
could find on the list was someone asking this question a few years ago and 
being told it was an experimental feature. 
http://www.mail-archive.com/jabberd2@lists.xiaoka.com/msg02359.html 
 . I’m 
hoping this feature has been included in the release and I am just having 
issues finding that information.  

Thank You
Pete Fuller