# https://feeding.cloud.geek.nz/posts/running-your-own-xmpp-server-debian-ubuntu/

# The default ciphers-setting is found here:
#    https://github.com/processone/tls/blob/master/c_src/p1_tls_drv.c
# We use the default and exclude a few additional ciphers classified as weak
# by xmpp.net.
define_macro:
  'TLS_OPTIONS':
    - "no_sslv2"
    - "no_sslv3"
    - "no_tlsv1"
    - "no_tlsv1_1"
    - "cipher_server_preference"
  'TLS_CIPHERS': "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"
  CERT_PATH: "/etc/ejabberd/ejabberd.pem"