annotate mod_s2s_never_encrypt_blacklist.wiki @ 455:5f111a4e13fb

mod_s2s_auth_dane.wiki: drep mention of luajit, not required anymore
author Kim Alvefur <zash@zash.se>
date Mon, 19 May 2014 11:28:47 +0200
parents 7c960f1b4cf8
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
213
7c960f1b4cf8 added summary.
maranda3985@gmail.com
parents: 212
diff changeset
1 #summary Stops prosody from including starttls into available features for specified remote servers.
205
97e15fe16c0b wiki: added page for mod_s2s_never_encrypt_blacklist
maranda3985@gmail.com
parents:
diff changeset
2 #labels Stage-Beta
213
7c960f1b4cf8 added summary.
maranda3985@gmail.com
parents: 212
diff changeset
3
205
97e15fe16c0b wiki: added page for mod_s2s_never_encrypt_blacklist
maranda3985@gmail.com
parents:
diff changeset
4 = Details =
97e15fe16c0b wiki: added page for mod_s2s_never_encrypt_blacklist
maranda3985@gmail.com
parents:
diff changeset
5
212
8935d59dcf86 Linked up the OpenFire bug
daniel@aleksand.no
parents: 211
diff changeset
6 Let's you stop Prosody from sending <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'> feature to choppy/buggy servers which therefore would fail to re-negotiate and use a secure stream. (e.g. [http://issues.igniterealtime.org/browse/OF-405 OpenFire 3.7.0])
205
97e15fe16c0b wiki: added page for mod_s2s_never_encrypt_blacklist
maranda3985@gmail.com
parents:
diff changeset
7
97e15fe16c0b wiki: added page for mod_s2s_never_encrypt_blacklist
maranda3985@gmail.com
parents:
diff changeset
8 = Usage =
97e15fe16c0b wiki: added page for mod_s2s_never_encrypt_blacklist
maranda3985@gmail.com
parents:
diff changeset
9
97e15fe16c0b wiki: added page for mod_s2s_never_encrypt_blacklist
maranda3985@gmail.com
parents:
diff changeset
10 Copy the plugin into your prosody's modules directory.
97e15fe16c0b wiki: added page for mod_s2s_never_encrypt_blacklist
maranda3985@gmail.com
parents:
diff changeset
11
97e15fe16c0b wiki: added page for mod_s2s_never_encrypt_blacklist
maranda3985@gmail.com
parents:
diff changeset
12 And add it between your enabled modules into the global section (modules_enabled).
97e15fe16c0b wiki: added page for mod_s2s_never_encrypt_blacklist
maranda3985@gmail.com
parents:
diff changeset
13
97e15fe16c0b wiki: added page for mod_s2s_never_encrypt_blacklist
maranda3985@gmail.com
parents:
diff changeset
14 Then list each host as follow:
97e15fe16c0b wiki: added page for mod_s2s_never_encrypt_blacklist
maranda3985@gmail.com
parents:
diff changeset
15 {{{
97e15fe16c0b wiki: added page for mod_s2s_never_encrypt_blacklist
maranda3985@gmail.com
parents:
diff changeset
16 tls_s2s_blacklist = { "host1.tld", "host2.tld", "host3.tld" }
97e15fe16c0b wiki: added page for mod_s2s_never_encrypt_blacklist
maranda3985@gmail.com
parents:
diff changeset
17 }}}
97e15fe16c0b wiki: added page for mod_s2s_never_encrypt_blacklist
maranda3985@gmail.com
parents:
diff changeset
18
211
ef34b35b8a73 added second ip option.
maranda3985@gmail.com
parents: 206
diff changeset
19 In the unfortunate case of OpenFire... you can add the Server's ip address directly as it may not send proper rfc6121 requests.
ef34b35b8a73 added second ip option.
maranda3985@gmail.com
parents: 206
diff changeset
20 {{{
ef34b35b8a73 added second ip option.
maranda3985@gmail.com
parents: 206
diff changeset
21 tls_s2s_blacklist_ip = { "a.a.a.a", "b.b.b.b", "c.c.c.c" }
ef34b35b8a73 added second ip option.
maranda3985@gmail.com
parents: 206
diff changeset
22 }}}
ef34b35b8a73 added second ip option.
maranda3985@gmail.com
parents: 206
diff changeset
23
205
97e15fe16c0b wiki: added page for mod_s2s_never_encrypt_blacklist
maranda3985@gmail.com
parents:
diff changeset
24 = Compatibility =
97e15fe16c0b wiki: added page for mod_s2s_never_encrypt_blacklist
maranda3985@gmail.com
parents:
diff changeset
25
97e15fe16c0b wiki: added page for mod_s2s_never_encrypt_blacklist
maranda3985@gmail.com
parents:
diff changeset
26 It's supposed to work with 0.7-0.8.x