mirror of https://github.com/processone/ejabberd.git synced 2024-11-22 16:20:52 +01:00

Improve explanation about SSL for port 5223 and its option 'tls'.

SVN Revision: 2340
Badlop 2009-06-25 18:03:29 +00:00
parent 52c0fd8f09
commit 82b3790f85
2 changed files with 18 additions and 6 deletions


@ -751,8 +751,14 @@ No unencrypted connections will be allowed.
You should also set the <TT>certfile</TT> option. You should also set the <TT>certfile</TT> option.
You can define a certificate file for a specific domain using the global option <TT>domain_certfile</TT>. You can define a certificate file for a specific domain using the global option <TT>domain_certfile</TT>.
</DD><DT CLASS="dt-description"><B><TT>tls</TT></B></DT><DD CLASS="dd-description"> This option specifies that traffic on </DD><DT CLASS="dt-description"><B><TT>tls</TT></B></DT><DD CLASS="dd-description"> This option specifies that traffic on
the port will be encrypted using SSL immediately after connecting. You the port will be encrypted using SSL immediately after connecting.
should also set the <TT>certfile</TT> option. This was the traditional encryption method in the early Jabber software,
commonly on port 5223 for client-to-server communications.
But this method is nowadays deprecated and not recommended.
The preferable encryption method is STARTTLS on port 5222, as defined
<A HREF="http://www.xmpp.org/specs/rfc3920.html#tls">RFC 3920: XMPP Core</A>,
which can be enabled in <TT>ejabberd</TT> with the option <TT>starttls</TT>.
If this option is set, you should also set the <TT>certfile</TT> option.
</DD><DT CLASS="dt-description"><B><TT>web_admin</TT></B></DT><DD CLASS="dd-description"> This option </DD><DT CLASS="dt-description"><B><TT>web_admin</TT></B></DT><DD CLASS="dd-description"> This option
enables the Web Admin for <TT>ejabberd</TT> administration which is available enables the Web Admin for <TT>ejabberd</TT> administration which is available
at <CODE>http://server:port/admin/</CODE>. Login and password are the username and at <CODE>http://server:port/admin/</CODE>. Login and password are the username and
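
Review bot: In the added tls description, "as defined" is followed directly by the RFC 3920 link and is missing "in", and the closing sentence "If this option is set, you should also set the certfile option" comes right after the mention of starttls, so "this option" is ambiguous. Suggest "as defined in RFC 3920: XMPP Core" and "If tls is set, you should also set the certfile option". Since the paragraph now calls the method deprecated, it would also help to say in one clause how STARTTLS differs (encryption is negotiated inside the stream on port 5222), so the recommendation is easier to act on.
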
@ -762,7 +768,7 @@ password of one of the registered users who are granted access by the
option specifies that Zlib stream compression (as defined in <A HREF="http://www.xmpp.org/extensions/xep-0138.html">XEP-0138</A>) option specifies that Zlib stream compression (as defined in <A HREF="http://www.xmpp.org/extensions/xep-0138.html">XEP-0138</A>)
is available on connections to the port. Client connections cannot use is available on connections to the port. Client connections cannot use
stream compression and stream encryption simultaneously. Hence, if you stream compression and stream encryption simultaneously. Hence, if you
specify both <TT>tls</TT> (or <TT>ssl</TT>) and <TT>zlib</TT>, the latter specify both <TT>starttls</TT> (or <TT>tls</TT>) and <TT>zlib</TT>, the latter
option will not affect connections (there will be no stream compression). option will not affect connections (there will be no stream compression).
</DD></DL><P>There are some additional global options that can be specified in the ejabberd configuration file (outside <TT>listen</TT>): </DD></DL><P>There are some additional global options that can be specified in the ejabberd configuration file (outside <TT>listen</TT>):
</P><DL CLASS="description"><DT CLASS="dt-description"> </P><DL CLASS="description"><DT CLASS="dt-description">
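
Review bot: The zlib sentence changes "tls (or ssl)" to "starttls (or tls)", but the commit message only mentions the explanation of SSL on port 5223 and the tls option. Mention this correction in the message, or split it into its own commit, so the changed option names can be found from the log.
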


@ -884,8 +884,14 @@ This is a detailed description of each option allowed by the listening modules:
You should also set the \option{certfile} option. You should also set the \option{certfile} option.
You can define a certificate file for a specific domain using the global option \option{domain\_certfile}. You can define a certificate file for a specific domain using the global option \option{domain\_certfile}.
\titem{tls} \ind{options!tls}\ind{TLS}This option specifies that traffic on \titem{tls} \ind{options!tls}\ind{TLS}This option specifies that traffic on
the port will be encrypted using SSL immediately after connecting. You the port will be encrypted using SSL immediately after connecting.
should also set the \option{certfile} option. This was the traditional encryption method in the early Jabber software,
commonly on port 5223 for client-to-server communications.
But this method is nowadays deprecated and not recommended.
The preferable encryption method is STARTTLS on port 5222, as defined
\footahref{http://www.xmpp.org/specs/rfc3920.html\#tls}{RFC 3920: XMPP Core},
which can be enabled in \ejabberd{} with the option \term{starttls}.
If this option is set, you should also set the \option{certfile} option.
\titem{web\_admin} \ind{options!web\_admin}\ind{web admin}This option \titem{web\_admin} \ind{options!web\_admin}\ind{web admin}This option
enables the Web Admin for \ejabberd{} administration which is available enables the Web Admin for \ejabberd{} administration which is available
at \verb|http://server:port/admin/|. Login and password are the username and at \verb|http://server:port/admin/|. Login and password are the username and
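
Review bot: The added text marks up starttls as \term{starttls}, while certfile in the same paragraph and starttls in the zlib hunk further down both use \option{...}; use \option{starttls} here so the option names are formatted consistently. The added line "as defined" before \footahref is also missing "in".
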
@ -895,7 +901,7 @@ This is a detailed description of each option allowed by the listening modules:
option specifies that Zlib stream compression (as defined in \xepref{0138}) option specifies that Zlib stream compression (as defined in \xepref{0138})
is available on connections to the port. Client connections cannot use is available on connections to the port. Client connections cannot use
stream compression and stream encryption simultaneously. Hence, if you stream compression and stream encryption simultaneously. Hence, if you
specify both \option{tls} (or \option{ssl}) and \option{zlib}, the latter specify both \option{starttls} (or \option{tls}) and \option{zlib}, the latter
option will not affect connections (there will be no stream compression). option will not affect connections (there will be no stream compression).
\end{description} \end{description}
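
Review bot: Replacing \option{ssl} with \option{starttls} in the zlib sentence removes the mention of ssl without saying whether that option is still accepted. If it is, keep it in the list; if it is not, say so, so that a reader with an existing ssl entry knows whether the "no stream compression" rule applies to their configuration.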