RC4, SHA1 and MD5
authorMeikoDis <meikodis@meikodis.org>
Wed, 5 Nov 2014 00:08:38 +0000 (00:08 +0000)
committerMeikoDis <meikodis@meikodis.org>
Wed, 5 Nov 2014 00:08:38 +0000 (00:08 +0000)
src/configuration/IM/prosody/prosody.cfg.lua
src/practical_settings/im.tex

index 3c8bf49..b5a1c6e 100644 (file)
@@ -92,7 +92,7 @@ ssl = {
        certificate = "/etc/ssl/jabber/root.crt";
        dhparam = "/etc/ssl/jabber/dhparam.pem";
        options = {"no_sslv2", "no_sslv3","no_tlsv1" };
-       ciphers = "HIGH+kEDH:HIGH+kEECDH:HIGH:!RC4:!SHA1:!PSK:!SRP:!3DES:!aNULL";
+       ciphers = "HIGH+kEDH:HIGH+kEECDH:HIGH:!RC4:!SHA1:!MD5:!PSK:!SRP:!3DES:!aNULL";
        depth = "1";
        curve = "secp384r1";
 }
index 0f5eba8..eaac407 100644 (file)
@@ -19,7 +19,7 @@ The last point being out-of-scope for this section, we will only cover the first
 \subsection{Prosody}
 \subsubsection{Settings}
 Prosody is a Jabber server which is written in Lua. 
-The following configuration is suggested to disable SSLv2 and SSLv3 and require a TLS connection.
+The following configuration is suggested to disable SSLv2 and SSLv3 and require a TLS connection. In addition this configuration removes RC4, SHA1 and MD5.
 
 \configfile{prosody.cfg.lua}{90-98,103-104}{% 
   TLS setup for Prosody}