summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJonas Smedegaard <dr@jones.dk>2017-01-18 18:04:44 +0100
committerJonas Smedegaard <dr@jones.dk>2017-01-18 18:04:44 +0100
commit6c9397a5224ae393d110e3ba1f0b59461554c800 (patch)
tree896db7612f2a19cbb797103e209282103880b1ef
parentccfe0921edb6d81ccf53135654fd364eea679140 (diff)
Tighten crypto, based on blog entry drawing from bettercrypto.org.
Diffstat
-rw-r--r--ejabberd/defs.yml9
1 files changed, 4 insertions, 5 deletions
diff --git a/ejabberd/defs.yml b/ejabberd/defs.yml
index aeb08f9..8c7a4f6 100644
--- a/ejabberd/defs.yml
+++ b/ejabberd/defs.yml
@@ -1,5 +1,4 @@
-# Origin: https://github.com/jabber-at/config
-# Origin: https://gitlab.com/hanno/ejabberd-config
+# https://feeding.cloud.geek.nz/posts/running-your-own-xmpp-server-debian-ubuntu/
# The default ciphers-setting is found here:
# https://github.com/processone/tls/blob/master/c_src/p1_tls_drv.c
@@ -10,7 +9,7 @@ define_macro:
- "no_sslv2"
- "no_sslv3"
- "no_tlsv1"
- 'TLS_CIPHERS': "ECDH:DH:!CAMELLIA128:!3DES:!MD5:!RC4:!aNULL:!NULL:!EXPORT:!LOW:!MEDIUM"
- #'TLS_CIPHERS': "HIGH:!MEDIUM:!LOW:!3DES:!CAMELLIA:!aNULL:!RSA@STRENGTH"
- #'TLS_CIPHERS': "HIGH:!3DES:!aNULL:!SSLv2:@STRENGTH"
+ - "no_tlsv1_1"
+ - "cipher_server_preference"
+ 'TLS_CIPHERS': "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"
CERT_PATH: "/etc/ejabberd/ejabberd.pem"
generated by cgit v1.2.3 (git 2.46.0) at 2025-01-12 08:07:09 +0000