[ejabberd] only allow encrypted connections, how?

Badlop badlop at gmail.com
Mon Feb 18 13:36:21 MSK 2008


2008/2/18, Gábor Farkas <gabor at nekomancer.net>:
> i would like to setup a jabber server using ejabberd,
> but i only want to allow encrypted connections.

A Jabber server can communicate with Jabber clients, and also with
other Jabber servers.


> by that i mean that both the passwords, and the messages
> (the whole communication) should be encrypted.
>
> my plan is this:
>
> in the config-file,
> for port 5222, i will use the "starttls_required" switch.
> for port 5223, i will use the "ssl" switch.
>
> is this enough to make sure that there's no way to connect to my jabber
> server, and send unencrypted messages?

Yes, this setup ensures that c2s communications are encrypted.

But if you plan to allow communication with other Jabber servers, you
should also enable starttls in s2s with:
  {s2s_use_starttls, true}.

You may be interested in the first part of this article:
  http://www.ejabberd.im/s2s-encryption

Unfortunately, the option s2s_use_starttls does not allow you to *require*
encryption. So, if your server communicates with other Jabber servers,
they may or may not be encrypted. This depends on the remote server.

In that case you are interested in this feature request:
  Add option to require encryption in S2S connections
  https://support.process-one.net/browse/EJAB-495
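
One way to check the c2s part of this setup from the outside, as an added example that is not part of the original post: a server following RFC 3920 announces STARTTLS in <stream:features>, with a <required/> child when encryption is mandatory. The function names, the SAMPLE data and example.org are constructed for illustration.

```python
import socket
from xml.etree.ElementTree import ParseError, XMLPullParser

NS_STREAM = "{http://etherx.jabber.org/streams}"
NS_TLS = "{urn:ietf:params:xml:ns:xmpp-tls}"

# Constructed sample: opening data from a c2s port that requires STARTTLS.
SAMPLE = (b"<?xml version='1.0'?><stream:stream xmlns='jabber:client' "
          b"xmlns:stream='http://etherx.jabber.org/streams' "
          b"from='example.org' id='1' version='1.0'><stream:features>"
          b"<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'><required/>"
          b"</starttls></stream:features>")

def starttls_policy(stream_bytes):
    """Return 'required', 'optional' or 'absent' for the STARTTLS offer,
    'invalid' for non-XML data, None while <stream:features> is incomplete."""
    parser = XMLPullParser(events=("end",))
    try:
        parser.feed(stream_bytes)  # root <stream:stream> stays open by design
        for _event, elem in parser.read_events():
            if elem.tag != NS_STREAM + "features":
                continue
            tls = elem.find(NS_TLS + "starttls")
            if tls is None:
                return "absent"
            required = tls.find(NS_TLS + "required") is not None
            return "required" if required else "optional"
    except ParseError:
        return "invalid"
    return None

def probe(host, domain, port=5222, timeout=10):
    """Open a plaintext stream to your own server and classify its offer."""
    header = ("<?xml version='1.0'?><stream:stream to='%s' version='1.0' "
              "xmlns='jabber:client' "
              "xmlns:stream='http://etherx.jabber.org/streams'>" % domain)
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(header.encode())
        while True:
            chunk = sock.recv(4096)
            if not chunk:
                return None  # closed before <stream:features> arrived
            data += chunk
            policy = starttls_policy(data)
            if policy is not None:
                return policy

if __name__ == "__main__":
    print(starttls_policy(SAMPLE))
```

Anything other than "required" from probe() on port 5222 means a client could still proceed without encryption. This covers c2s only; it says nothing about s2s links.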

