Disable:
- export ciphers - broken by design, 40 and 56 bit encryption
- low encryption ciphers - 56 and 64 bit encryption
- SSLv2 ciphers - some ciphers using MD5 MAC
SSL 2.0 is not used anywhere as it has security problems. Disable it
unconditionally both in server and client mode. This does _not_
disable support for SSL 2.0 compatible client hello which still will
be accepted in the server mode.
Sending one large chunk of data with tls:send eats lots of
CPU power and blocks whole Erlang emulator. This is caused by the
fact that encrypted output is read from memory BIO in 1k chunks.
Memory BIO, after reading data, shifts the remaining part.
If large chunks of data (few MB) is sent and then read in 1k
chunks, then a _lot_ of shifting is performed eating CPU.
The solution is to simply allocate binary of the needed size
(amount of data in memory BIO can be retrieved with
BIO_ctrl_pending) and then issue only one read that reads the
whole data.
0.9.8f (EJAB-877)(thanks to Jonathan Schleifer)
* doc/guide.tex: It is again supported OpenSSL older than 0.9.8f
* doc/guide.html: Likewise
SVN Revision: 1979
* src/tls/tls.erl: Likewise
* src/ejabberd_s2s_in.erl: Support for STARTTLS+Dialback
* src/ejabberd_s2s_out.erl: Likewise
* src/ejabberd_receiver.erl: Added a few hacks ({active,once} mode
should be used instead of recv/3 call to avoid them)
* src/ejabberd_config.erl: Added s2s_use_starttls and s2s_certfile
options
* src/ejabberd.cfg.example: Likewise
SVN Revision: 426
session (thanks to Maxim Ryazanov)
* src/tls/tls_drv.c: Now reads all certificates from certificate
file instead of reading only first one (thanks to Karl-Johan
Karlsson)
* examples/transport-configs/init-scripts/jabber-gg-transport:
Fixed typo (thanks to Sander Devrieze)
SVN Revision: 305
* src/ejabberd_auth.erl: Now uses two LDAP connections
* src/ejabberd_c2s.erl: Return resource on get_presence request
(thanks to Mickael Remond)
* src/mod_configure2.erl: Bugfix (thanks to Sergei Golovan)
* src/msgs/ua.msg: New Ukrainian translation (thanks to usercard)
* src/msgs/nl.msg: Updated (thanks to Sander Devrieze)
SVN Revision: 247