mirror of
https://github.com/processone/ejabberd.git
Remove TLS options from the example config
The purpose is two-fold: - To simplify the example config. - To keep an old TLS configuration from persisting across server updates: this might cause security problems, because what is considered "modern" now might be insecure in the future.
parent
05d088b104
commit
830a2f209a
@ -39,24 +39,6 @@ certfiles:
|
||||
- "/etc/letsencrypt/live/localhost/fullchain.pem"
|
||||
- "/etc/letsencrypt/live/localhost/privkey.pem"
|
||||
|
||||
define_macro:
|
||||
# TLS options for client not being able to use modern ciphers (Windows XP+, Android 3.0+)
|
||||
CIPHERS_INTERMEDIATE: "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS"
|
||||
PROTOCOL_OPTIONS_INTERMEDIATE:
|
||||
- "no_sslv2"
|
||||
- "no_sslv3"
|
||||
|
||||
# TLS options for client able to use modern ciphers (Windows 7+, Android 5.0+)
|
||||
CIPHERS_MODERN: "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"
|
||||
PROTOCOL_OPTIONS_MODERN:
|
||||
- "no_sslv2"
|
||||
- "no_sslv3"
|
||||
- "no_tlsv1"
|
||||
- "no_tlsv1_1"
|
||||
|
||||
c2s_ciphers: CIPHERS_INTERMEDIATE
|
||||
c2s_protocol_options: PROTOCOL_OPTIONS_INTERMEDIATE
|
||||
|
||||
listen:
|
||||
-
|
||||
port: 5222
|
||||
@ -82,8 +64,6 @@ listen:
|
||||
"/ws": ejabberd_http_ws
|
||||
web_admin: true
|
||||
captcha: true
|
||||
ciphers: CIPHERS_INTERMEDIATE
|
||||
protocol_options: PROTOCOL_OPTIONS_INTERMEDIATE
|
||||
tls: true
|
||||
-
|
||||
port: 5280
|
||||
|