Add ejabberd tweaks as snippets.

author: Jonas Smedegaard <dr@jones.dk> 2017-01-18 17:32:45 +0100
committer: Jonas Smedegaard <dr@jones.dk> 2017-01-18 17:33:29 +0100
commit: ccfe0921edb6d81ccf53135654fd364eea679140 (patch)
tree: bf3e9e97afad41b7437ed0be1cd1d1a82eecd9be /ejabberd/defs.yml
parent: 8d7a52d331eee26c44ee8ac68a72b0b2fe0a0750 (diff)
1 files changed, 16 insertions, 0 deletions
diff --git a/ejabberd/defs.yml b/ejabberd/defs.yml
new file mode 100644
index 0000000..aeb08f9
--- /dev/null
+++ b/ejabberd/defs.yml
@@ -0,0 +1,16 @@
+# Origin: https://github.com/jabber-at/config
+# Origin: https://gitlab.com/hanno/ejabberd-config
+
+# The default ciphers-setting is found here:
+#    https://github.com/processone/tls/blob/master/c_src/p1_tls_drv.c
+# We use the default and exclude a few additional ciphers classified as weak
+# by xmpp.net.
+define_macro:
+  'TLS_OPTIONS':
+    - "no_sslv2"
+    - "no_sslv3"
+    - "no_tlsv1"
+  'TLS_CIPHERS': "ECDH:DH:!CAMELLIA128:!3DES:!MD5:!RC4:!aNULL:!NULL:!EXPORT:!LOW:!MEDIUM"
+  #'TLS_CIPHERS': "HIGH:!MEDIUM:!LOW:!3DES:!CAMELLIA:!aNULL:!RSA@STRENGTH"
+  #'TLS_CIPHERS': "HIGH:!3DES:!aNULL:!SSLv2:@STRENGTH"
+  CERT_PATH: "/etc/ejabberd/ejabberd.pem"
author	Jonas Smedegaard <dr@jones.dk>	2017-01-18 17:32:45 +0100
committer	Jonas Smedegaard <dr@jones.dk>	2017-01-18 17:33:29 +0100
commit	ccfe0921edb6d81ccf53135654fd364eea679140 (patch)
tree	bf3e9e97afad41b7437ed0be1cd1d1a82eecd9be /ejabberd/defs.yml
parent	8d7a52d331eee26c44ee8ac68a72b0b2fe0a0750 (diff)