Chapril/xmpp.chapril.org-ejabberd
25
1
Fork 0
mirror of https://github.com/processone/ejabberd.git synced 2024-11-24 16:23:40 +01:00
Code Releases Activity

Define default ciphers/protocol_option in example config

Browse Source
This commit is contained in:
Paweł Chmielowski 2018-12-07 12:54:18 +01:00
parent 0ef1c215b7
commit 7713edc6bb
1 changed files with 19 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
ejabberd.yml.example
View File

@ -39,6 +39,21 @@ certfiles:
- "/etc/letsencrypt/live/localhost/fullchain.pem" - "/etc/letsencrypt/live/localhost/fullchain.pem"
- "/etc/letsencrypt/live/localhost/privkey.pem" - "/etc/letsencrypt/live/localhost/privkey.pem"
define_macro:
# TLS options for client not being able to use modern ciphers (Windows XP+, Android 3.0+)
CIPHERS_INTERMEDIATE: "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS"
PROTOCOL_OPTIONS_INTERMEDIATE:
- "no_sslv2"
- "no_sslv3"
# TLS options for client able to use moder ciphers (Windows 7+, Android 5.0+)
CIPHERS_MODERN: "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"
PROTOCOL_OPTIONS_MODERN:
- "no_sslv2"
- "no_sslv3"
- "no_tlsv1"
- "no_tlsv1.1"
listen: listen:
- -
port: 5222 port: 5222
@ -47,6 +62,8 @@ listen:
max_stanza_size: 262144 max_stanza_size: 262144
shaper: c2s_shaper shaper: c2s_shaper
access: c2s access: c2s
ciphers: CIPHERS_MODERN
protocol_options: PROTOCOL_OPTIONS_MODERN
starttls_required: true starttls_required: true
- -
port: 5269 port: 5269
@ -64,6 +81,8 @@ listen:
"/ws": ejabberd_http_ws "/ws": ejabberd_http_ws
web_admin: true web_admin: true
captcha: true captcha: true
ciphers: CIPHERS_MODERN
protocol_options: PROTOCOL_OPTIONS_MODERN
tls: true tls: true
s2s_use_starttls: optional s2s_use_starttls: optional
@ -75,7 +94,6 @@ acl:
ip: ip:
- "127.0.0.0/8" - "127.0.0.0/8"
- "::1/128" - "::1/128"
- "::FFFF:127.0.0.1/128"
access_rules: access_rules:
local: local: