[ejabberd] Re: Ejabberd clustering

Sergei Golovan sgolovan at nm.ru
Wed Jul 6 13:44:22 MSD 2005


On Wed, Jul 06, 2005 at 01:31:29PM +0400, Oleg Motienko wrote:
> 
>    2005/7/6, Magnus Henoch <[1]mange at freemail.hu>:
> 
>      "Oleg V. Motienko" <[2]mmm at ttn.ru> writes:
>      > But what about SSL port (5223) ?
>      > Which record must be there?
>      There's no need for that, as STARTTLS negotiation takes place on
>      the
>      same port as non-encrypted communication.
> 
>    But if I want to disable unencrypted connections, what can I do?
>    So, in current configuration port 5222 is closed and only 5223 opened
>    for clients.

You may close 5223 and put starttls_required to listener options.
In that case only clients that do STARTTLS will be allowed to connect.
(Drawback: ejabberd requires client to use SASL-only authentication after
STARTTLS.)


-- 
Sergei 'TeopeTuK' Golovan


More information about the ejabberd mailing list