Mercurial > prosody-modules
comparison mod_tls_policy/README.markdown @ 1843:032b209bb8ff
mod_tls_policy/README: Reflow and strip trailing whitespace (pandoc thougt it meant explicit line breaks)
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sat, 12 Sep 2015 21:04:43 +0200 |
| parents | 98ad01cc83cf |
| children | ad24f8993385 |
comparison
equal
deleted
inserted
replaced
| 1842:98ad01cc83cf | 1843:032b209bb8ff |
|---|---|
| 1 % Cipher policy enforcement with application level error reporting | 1 % Cipher policy enforcement with application level error reporting |
| 2 | 2 |
| 3 # Introduction | 3 # Introduction |
| 4 | 4 |
| 5 This module arose from discussions at the XMPP Summit about enforcing | 5 This module arose from discussions at the XMPP Summit about enforcing |
| 6 better ciphers in TLS. It may seem attractive to disallow some | 6 better ciphers in TLS. It may seem attractive to disallow some insecure |
| 7 insecure ciphers or require forward secrecy, but doing this at the TLS | 7 ciphers or require forward secrecy, but doing this at the TLS level |
| 8 level would the user with an unhelpful "Encryption failed" message. | 8 would the user with an unhelpful "Encryption failed" message. This |
| 9 This module does this enforcing at the application level, allowing | 9 module does this enforcing at the application level, allowing better |
| 10 better error messages. | 10 error messages. |
| 11 | 11 |
| 12 # Configuration | 12 # Configuration |
| 13 | 13 |
| 14 First, download and add the module to `module_enabled`. Then you can | 14 First, download and add the module to `module_enabled`. Then you can |
| 15 decide on what policy you want to have. | 15 decide on what policy you want to have. |
| 16 | 16 |
| 17 Requiring ciphers with forward secrecy is the most simple to set up. | 17 Requiring ciphers with forward secrecy is the most simple to set up. |
| 18 | 18 |
| 19 ``` lua | 19 ``` lua |