path: root/ejabberd/defs.yml

# Origin: https://github.com/jabber-at/config
# Origin: https://gitlab.com/hanno/ejabberd-config

# The default ciphers-setting is found here:
#    https://github.com/processone/tls/blob/master/c_src/p1_tls_drv.c
# We use the default and exclude a few additional ciphers classified as weak
# by xmpp.net.
define_macro:
  'TLS_OPTIONS':
    - "no_sslv2"
    - "no_sslv3"
    - "no_tlsv1"
  'TLS_CIPHERS': "ECDH:DH:!CAMELLIA128:!3DES:!MD5:!RC4:!aNULL:!NULL:!EXPORT:!LOW:!MEDIUM"
  #'TLS_CIPHERS': "HIGH:!MEDIUM:!LOW:!3DES:!CAMELLIA:!aNULL:!RSA@STRENGTH"
  #'TLS_CIPHERS': "HIGH:!3DES:!aNULL:!SSLv2:@STRENGTH"
  CERT_PATH: "/etc/ejabberd/ejabberd.pem"