[ejabberd] tls and jabber.org and google

Randy Bush randy at psg.com
Mon Jun 6 16:53:00 MSK 2016


i have to provide connections to google and jabber.org.

    ## If TLS is compiled in and you installed a SSL
    ## certificate, specify the full path to the
    ## file and uncomment these lines:
    ##
    certfile: "/etc/ejabberd/ejabberd.pem"
    ## starttls: true
    ##
    ## To enforce TLS encryption for client connections,
    ## use this instead of the "starttls" option:
    ##
    starttls: true
    starttls_required: true

for s2s, i currently have

    ## s2s_use_starttls: Enable STARTTLS + Dialback for S2S connections.
    ## Allowed values are: false optional required required_trusted
    ## You must specify a certificate file.
    ##
    #s2s_use_starttls: required
    s2s_use_starttls: false

    ##
    ## s2s_certfile: Specify a certificate file.
    ##
    s2s_certfile: "/etc/ejabberd/ejabberd.pem"

    ## Custom OpenSSL options
    ##
    s2s_protocol_options:
       - "no_sslv3"
    ##   - "no_tlsv1"

this allows google but users report no buddies at jabber.org

anyone understand this better than i?  thanks.

randy


More information about the ejabberd mailing list