25
1
mirror of https://github.com/processone/ejabberd.git synced 2024-12-24 17:29:28 +01:00

Improve explanation about SSL for port 5223 and its option 'tls'.

SVN Revision: 2339
This commit is contained in:
Badlop 2009-06-25 18:02:23 +00:00
parent 2159829168
commit edb5211f5f
2 changed files with 18 additions and 6 deletions

View File

@ -759,8 +759,14 @@ No unencrypted connections will be allowed.
You should also set the <TT>certfile</TT> option.
You can define a certificate file for a specific domain using the global option <TT>domain_certfile</TT>.
</DD><DT CLASS="dt-description"><B><TT>tls</TT></B></DT><DD CLASS="dd-description"> This option specifies that traffic on
the port will be encrypted using SSL immediately after connecting. You
should also set the <TT>certfile</TT> option.
the port will be encrypted using SSL immediately after connecting.
This was the traditional encryption method in the early Jabber software,
commonly on port 5223 for client-to-server communications.
But this method is nowadays deprecated and not recommended.
The preferable encryption method is STARTTLS on port 5222, as defined
<A HREF="http://www.xmpp.org/specs/rfc3920.html#tls">RFC 3920: XMPP Core</A>,
which can be enabled in <TT>ejabberd</TT> with the option <TT>starttls</TT>.
If this option is set, you should also set the <TT>certfile</TT> option.
</DD><DT CLASS="dt-description"><B><TT>web_admin</TT></B></DT><DD CLASS="dd-description"> This option
enables the Web Admin for <TT>ejabberd</TT> administration which is available
at <CODE>http://server:port/admin/</CODE>. Login and password are the username and
@ -770,7 +776,7 @@ password of one of the registered users who are granted access by the
option specifies that Zlib stream compression (as defined in <A HREF="http://www.xmpp.org/extensions/xep-0138.html">XEP-0138</A>)
is available on connections to the port. Client connections cannot use
stream compression and stream encryption simultaneously. Hence, if you
specify both <TT>tls</TT> (or <TT>ssl</TT>) and <TT>zlib</TT>, the latter
specify both <TT>starttls</TT> (or <TT>tls</TT>) and <TT>zlib</TT>, the latter
option will not affect connections (there will be no stream compression).
</DD></DL><P>There are some additional global options that can be specified in the ejabberd configuration file (outside <TT>listen</TT>):
</P><DL CLASS="description"><DT CLASS="dt-description">

View File

@ -896,8 +896,14 @@ This is a detailed description of each option allowed by the listening modules:
You should also set the \option{certfile} option.
You can define a certificate file for a specific domain using the global option \option{domain\_certfile}.
\titem{tls} \ind{options!tls}\ind{TLS}This option specifies that traffic on
the port will be encrypted using SSL immediately after connecting. You
should also set the \option{certfile} option.
the port will be encrypted using SSL immediately after connecting.
This was the traditional encryption method in the early Jabber software,
commonly on port 5223 for client-to-server communications.
But this method is nowadays deprecated and not recommended.
The preferable encryption method is STARTTLS on port 5222, as defined
\footahref{http://www.xmpp.org/specs/rfc3920.html\#tls}{RFC 3920: XMPP Core},
which can be enabled in \ejabberd{} with the option \term{starttls}.
If this option is set, you should also set the \option{certfile} option.
\titem{web\_admin} \ind{options!web\_admin}\ind{web admin}This option
enables the Web Admin for \ejabberd{} administration which is available
at \verb|http://server:port/admin/|. Login and password are the username and
@ -907,7 +913,7 @@ This is a detailed description of each option allowed by the listening modules:
option specifies that Zlib stream compression (as defined in \xepref{0138})
is available on connections to the port. Client connections cannot use
stream compression and stream encryption simultaneously. Hence, if you
specify both \option{tls} (or \option{ssl}) and \option{zlib}, the latter
specify both \option{starttls} (or \option{tls}) and \option{zlib}, the latter
option will not affect connections (there will be no stream compression).
\end{description}