Ciphers, curve and depth added
authorMeikoDis <meikodis@meikodis.org>
Tue, 4 Nov 2014 23:54:14 +0000 (23:54 +0000)
committerMeikoDis <meikodis@meikodis.org>
Tue, 4 Nov 2014 23:54:14 +0000 (23:54 +0000)
src/configuration/IM/prosody/prosody.cfg.lua
src/practical_settings/im.tex

index 2fdf93d..9aef3e4 100644 (file)
@@ -92,6 +92,9 @@ ssl = {
        certificate = "/etc/ssl/jabber/root.crt";
        dhparam = "/etc/ssl/jabber/dhparam.pem";
        options = {"no_sslv2", "no_sslv3","no_tlsv1" };
+       ciphers = "HIGH+kEDH:HIGH+kEECDH:HIGH:!RC4:!SHA1:!PSK:!SRP:!3DES:!aNULL"
+       depth = "1"
+       curve = "secp384r1"
 }
 
 -- Force clients to use encrypted connections? This option will
index 4bd269d..0f5eba8 100644 (file)
@@ -21,7 +21,7 @@ The last point being out-of-scope for this section, we will only cover the first
 Prosody is a Jabber server which is written in Lua. 
 The following configuration is suggested to disable SSLv2 and SSLv3 and require a TLS connection.
 
-\configfile{prosody.cfg.lua}{90-94,100-101}{% 
+\configfile{prosody.cfg.lua}{90-98,103-104}{% 
   TLS setup for Prosody}
 
 %%----------------------------------------------------------------------