ejabberd - Comments for "Certificate check on s2s connection initiation" https://www.ejabberd.im/node/2812 en Check s2s_host https://www.ejabberd.im/node/2812#comment-51705 <div class="quote-msg"> <div class="quote-author"><em>yohnson</em> wrote:</div> <p>Is there a way to get ejabberd to check a certificate revoke list upon s2s connection attempts, denying the connection if present on a revoke list? </p> <p>Also is there a way to have ejabberd check an external list of SSL certs IDs or fingerprints for a listing before allowing connections? </p></div> <p>I think such advanced features are not possible right now in ejabberd.</p> <div class="quote-msg"> <div class="quote-author"><em>yohnson</em> wrote:</div> <p>I am looking to secure a method to enable a "ring" of trusted servers to interconnect provided they are a part of the "ring" and that their certificate is not revoked. Not sure how to approach this.</p></div> <p>In ejabberd 2.0.0 you can configure (<noindex><a href="https://support.process-one.net/browse/EJAB-283" rel="nofollow" >EJAB-283</a></noindex>):</p> <div class="quote-msg"> <div class="quote-author"><em>ejabberd.cfg</em> wrote:</div> <p>{s2s_default_policy, deny}.<br /> {{s2s_host,"goodhost1.org"}, allow}.<br /> {{s2s_host,"goodhost2.org"}, allow}.</p></div> <p>This way ejabberd will reject most S2S connections, and accept only the connections with goodhost1.org and goodhost2.org.</p> <p>Maybe those proposed features would be interesting too for you:<br /> <noindex><a href="https://support.process-one.net/browse/EJAB-495" rel="nofollow" >Add option to require encryption in S2S connections</a></noindex>,<br /> <noindex><a href="https://support.process-one.net/browse/EJAB-464" rel="nofollow" >Optionally reject S2S encrypted connections when untrusted certificate</a></noindex></p> Wed, 30 Jan 2008 09:53:51 +0000 mfoss comment 51705 at https://www.ejabberd.im