Mercurial > prosody-wiki
comparison mod_s2s_auth_fingerprint.wiki @ 419:fdff0de712a7
mod_s2s_auth_fingerprint: Describe how to change the digest. (thanks hardfalcon)
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sun, 19 Jan 2014 22:38:16 +0100 |
| parents | dc20cb1bb874 |
| children | 171663daa144 |
comparison
equal
deleted
inserted
replaced
| 418:31cf9ab1d440 | 419:fdff0de712a7 |
|---|---|
| 15 The module has an optional mode in which it will reject listed servers that don't match one of the listed fingerprints, aka certificate pinning. | 15 The module has an optional mode in which it will reject listed servers that don't match one of the listed fingerprints, aka certificate pinning. |
| 16 Servers not listed in the configuration are not affected. | 16 Servers not listed in the configuration are not affected. |
| 17 | 17 |
| 18 = Configuration = | 18 = Configuration = |
| 19 | 19 |
| 20 After installing and enabling this module, you can put SHA-1 fingerprints of remote servers in your config like this: | 20 After installing and enabling this module, you can put fingerprints of remote servers in your config like this: |
| 21 | 21 |
| 22 {{{ | 22 {{{ |
| 23 s2s_auth_fingerprint_digest = "sha1" -- This is the default. Other options are "sha256" and "sha512" | |
| 23 s2s_trusted_fingerprints = { | 24 s2s_trusted_fingerprints = { |
| 24 ["jabber.org"] = "11:C2:3D:87:3F:95:F8:13:F8:CA:81:33:71:36:A7:00:E0:01:95:ED"; | 25 ["jabber.org"] = "11:C2:3D:87:3F:95:F8:13:F8:CA:81:33:71:36:A7:00:E0:01:95:ED"; |
| 25 ["matthewwild.co.uk"] = { | 26 ["matthewwild.co.uk"] = { |
| 26 "FD:7F:B2:B9:4C:C4:CB:E2:E7:48:FB:0D:98:11:C7:D8:4D:2A:62:AA"; | 27 "FD:7F:B2:B9:4C:C4:CB:E2:E7:48:FB:0D:98:11:C7:D8:4D:2A:62:AA"; |
| 27 "CF:F3:EC:43:A9:D5:D1:4D:D4:57:09:55:52:BC:5D:73:06:1A:A1:A0"; | 28 "CF:F3:EC:43:A9:D5:D1:4D:D4:57:09:55:52:BC:5D:73:06:1A:A1:A0"; |