|
|
|
@ -42,6 +42,25 @@ certfiles:
|
|
|
|
|
|
|
|
|
|
ca_file: "/home/ejabberd/conf/cacert.pem"
|
|
|
|
|
|
|
|
|
|
define_macro:
|
|
|
|
|
# TLS options for client not being able to use modern ciphers (Windows XP+, Android 3.0+)
|
|
|
|
|
CIPHERS_INTERMEDIATE: "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS"
|
|
|
|
|
PROTOCOL_OPTIONS_INTERMEDIATE:
|
|
|
|
|
- "no_sslv2"
|
|
|
|
|
- "no_sslv3"
|
|
|
|
|
|
|
|
|
|
# TLS options for client able to use modern ciphers (Windows 7+, Android 5.0+)
|
|
|
|
|
CIPHERS_MODERN: "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"
|
|
|
|
|
PROTOCOL_OPTIONS_MODERN:
|
|
|
|
|
- "no_sslv2"
|
|
|
|
|
- "no_sslv3"
|
|
|
|
|
- "no_tlsv1"
|
|
|
|
|
- "no_tlsv1_1"
|
|
|
|
|
|
|
|
|
|
c2s_ciphers: CIPHERS_INTERMEDIATE
|
|
|
|
|
c2s_protocol_options: PROTOCOL_OPTIONS_INTERMEDIATE
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
listen:
|
|
|
|
|
-
|
|
|
|
|
port: 5222
|
|
|
|
@ -68,7 +87,14 @@ listen:
|
|
|
|
|
"/oauth": ejabberd_oauth
|
|
|
|
|
web_admin: true
|
|
|
|
|
captcha: false
|
|
|
|
|
ciphers: CIPHERS_INTERMEDIATE
|
|
|
|
|
protocol_options: PROTOCOL_OPTIONS_INTERMEDIATE
|
|
|
|
|
tls: true
|
|
|
|
|
-
|
|
|
|
|
port: 5280
|
|
|
|
|
ip: "::"
|
|
|
|
|
module: ejabberd_http
|
|
|
|
|
web_admin: true
|
|
|
|
|
|
|
|
|
|
s2s_use_starttls: optional
|
|
|
|
|
|
|
|
|
@ -79,7 +105,6 @@ acl:
|
|
|
|
|
ip:
|
|
|
|
|
- "127.0.0.0/8"
|
|
|
|
|
- "::1/128"
|
|
|
|
|
- "::FFFF:127.0.0.1/128"
|
|
|
|
|
|
|
|
|
|
access_rules:
|
|
|
|
|
local:
|
|
|
|
|
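Review bot: The HTTPS listener that carries `web_admin: true` is pinned to `CIPHERS_INTERMEDIATE` and `PROTOCOL_OPTIONS_INTERMEDIATE`, a profile that still offers 3DES suites (`DES-CBC3-SHA`, exposed to Sweet32-style birthday attacks), static-RSA suites without forward secrecy, and TLS 1.0/1.1, since only `no_sslv2` and `no_sslv3` are listed. The admin interface is normally reached from current browsers, so that listener can take `ciphers: CIPHERS_MODERN` and `protocol_options: PROTOCOL_OPTIONS_MODERN`; if legacy XMPP clients really need the intermediate profile for c2s, removing the four `DES-CBC3-SHA` entries from it costs little. Setting `protocol_options` explicitly probably replaces ejabberd's defaults rather than adding to them, so confirm whether `"no_compression"` and `"cipher_server_preference"` should be listed in both macros. Which lines are new cannot be told from this rendering, but the port 5280 listener in the second hunk also shows `web_admin: true` on `ip: "::"` with no `tls: true`, and `s2s_use_starttls: optional` lets server-to-server links fall back to plaintext; both deserve a comment or tightening in this change.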