[ejabberd] ubuntu cripto

Holger Weiß holger at zedat.fu-berlin.de
Mon Apr 18 10:16:48 MSK 2016


* Randy Bush <randy at psg.com> [2016-04-18 12:57]:
> >     port: 5222
> >     ip: "::"
> >     module: ejabberd_c2s
> >     certfile: "/etc/ejabberd/ejabberd.pem"
> >     starttls_required: true
> >     starttls: true
> >     ciphers: "HIGH:!3DES:!aNULL:!SSLv2:@STRENGTH"
> >     protocol_options:
> >       - "no_sslv2"
> >       - "no_sslv3"
> >     max_stanza_size: 65536
> >     shaper: c2s_shaper
> >     access: c2s
> >     resend_on_timeout: if_offline
> 
> if i add
>    tls: true
> ejabberd logs the following
> 
> 2016-04-18 03:54:56.549 [error] <0.485.0>@ejabberd_receiver:handle_info:248 TLS error = SSL_do_handshake failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol

Yes, "tls: true" enables TLS-on-connect (as opposed to STARTTLS), so you
don't want this here.

Holger
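An added illustration of the mismatch described in the reply above (not part of the original message, and not ejabberd code): a listener set up for TLS-on-connect expects a TLS ClientHello as the first bytes, while a STARTTLS client opens with a plaintext XMPP stream header, which OpenSSL reports as "unknown protocol". The function names, outcome strings and sample byte strings are constructed for this sketch.

```python
import struct

HANDSHAKE_OK = "TLS handshake proceeds"
HANDSHAKE_FAILS = "TLS handshake fails: unknown protocol"
STREAM_OK = "plaintext stream opens, STARTTLS is negotiated next"
STREAM_FAILS = "rejected: not an XMPP stream header"

def classify_first_bytes(data: bytes) -> str:
    """Classify what a client sent first on a freshly opened connection."""
    # TLS record header: content type (1), version (2), length (2).
    # 0x16 is a handshake record; every SSL3/TLS version has major byte 0x03.
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03:
        (record_len,) = struct.unpack("!H", data[3:5])
        # First byte of the handshake message: 0x01 is ClientHello.
        if record_len > 0 and data[5] == 0x01:
            return "tls_client_hello"
    text = data.lstrip()
    if text.startswith(b"<?xml") or text.startswith(b"<stream:stream"):
        return "xmpp_stream_header"
    return "unknown"

def listener_outcome(tls_on_connect: bool, first_bytes: bytes) -> str:
    """Predict how a listener in the given mode treats the client's opening bytes."""
    kind = classify_first_bytes(first_bytes)
    if tls_on_connect:
        # "tls: true": the TLS handshake starts before any XMPP is exchanged.
        return HANDSHAKE_OK if kind == "tls_client_hello" else HANDSHAKE_FAILS
    # "starttls: true": the stream starts in plaintext and is upgraded afterwards.
    return STREAM_OK if kind == "xmpp_stream_header" else STREAM_FAILS

# Constructed samples: the opening of a plaintext XMPP stream, and the start
# of a TLS record carrying a (truncated) ClientHello.
SAMPLE_STREAM = (b"<?xml version='1.0'?><stream:stream to='example.org' "
                 b"xmlns='jabber:client' "
                 b"xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>")
_hello = b"\x01\x00\x00\x02\x03\x03"
SAMPLE_CLIENT_HELLO = b"\x16\x03\x01" + struct.pack("!H", len(_hello)) + _hello

if __name__ == "__main__":
    for name, sample in (("stream header", SAMPLE_STREAM),
                         ("ClientHello", SAMPLE_CLIENT_HELLO)):
        for mode in (False, True):
            print(f"tls_on_connect={mode!s:5} {name:13} -> "
                  f"{listener_outcome(mode, sample)}")
```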

