Tighten crypto, based on blog entry drawing from bettercrypto.org.

author: Jonas Smedegaard <dr@jones.dk> 2017-01-18 18:04:44 +0100
committer: Jonas Smedegaard <dr@jones.dk> 2017-01-18 18:04:44 +0100
commit: 6c9397a5224ae393d110e3ba1f0b59461554c800 (patch)
tree: 896db7612f2a19cbb797103e209282103880b1ef /ejabberd
parent: ccfe0921edb6d81ccf53135654fd364eea679140 (diff)
1 files changed, 4 insertions, 5 deletions
diff --git a/ejabberd/defs.yml b/ejabberd/defs.yml
index aeb08f9..8c7a4f6 100644
--- a/ejabberd/defs.yml
+++ b/ejabberd/defs.yml
@@ -1,5 +1,4 @@
-# Origin: https://github.com/jabber-at/config
-# Origin: https://gitlab.com/hanno/ejabberd-config
+# https://feeding.cloud.geek.nz/posts/running-your-own-xmpp-server-debian-ubuntu/
 
 # The default ciphers-setting is found here:
 #    https://github.com/processone/tls/blob/master/c_src/p1_tls_drv.c
@@ -10,7 +9,7 @@ define_macro:
     - "no_sslv2"
     - "no_sslv3"
     - "no_tlsv1"
-  'TLS_CIPHERS': "ECDH:DH:!CAMELLIA128:!3DES:!MD5:!RC4:!aNULL:!NULL:!EXPORT:!LOW:!MEDIUM"
-  #'TLS_CIPHERS': "HIGH:!MEDIUM:!LOW:!3DES:!CAMELLIA:!aNULL:!RSA@STRENGTH"
-  #'TLS_CIPHERS': "HIGH:!3DES:!aNULL:!SSLv2:@STRENGTH"
+    - "no_tlsv1_1"
+    - "cipher_server_preference"
+  'TLS_CIPHERS': "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"
   CERT_PATH: "/etc/ejabberd/ejabberd.pem"
author	Jonas Smedegaard <dr@jones.dk>	2017-01-18 18:04:44 +0100
committer	Jonas Smedegaard <dr@jones.dk>	2017-01-18 18:04:44 +0100
commit	6c9397a5224ae393d110e3ba1f0b59461554c800 (patch)
tree	896db7612f2a19cbb797103e209282103880b1ef /ejabberd
parent	ccfe0921edb6d81ccf53135654fd364eea679140 (diff)