ejabberd

Looking for ejabberd docs?

To access the most up-to-date ejabberd documentation, please visit docs.ejabberd.im »

[solved] Only TLS v1.2 enabled, no TLS v1 or 1.1

Submitted by h_peter on Thu, 2015-10-29 10:41

ejabberd Administration

I have recently installed ejabberd 15.09 and left the default configuration for the most part (just set TLS to required and set the ciphers).
With this configuration, only TLSv1.2 is enabled according to xmpp.net (so no TLSv1 and TLSv1.1 and thus no compatibility for some clients).

How can I enable TLSv1 and TLSv1.1? I have only seen options to disable SSLv3 and SSLv2 (which both seem to be disabled by default).
I can paste the configuration later if that helps.

Here is the relevant part of

Submitted by h_peter on Sun, 2015-11-01 18:50.

Here is the relevant part of the configuration. I left the protocol_options at their default value.

listen:
  - 
    port: 5222
    module: ejabberd_c2s
    max_stanza_size: 65536
    shaper: c2s_shaper
    access: c2s
    starttls: true
    starttls_required: true
    certfile: "[my certfile]"
    dhfile: "[my dhfile]"
    ciphers: "HIGH:!SHA1:!MD5:!RC4:!ADH"
    tls_compression: false
    ## Custom OpenSSL options
    ##
    # protocol_options:
    ##  - "no_sslv3"
    ##   - "no_tlsv1"

Any ideas how to enable TLSv1 and/or TLSv1.1?

Just found out that my cipher

Submitted by h_peter on Sun, 2015-11-01 19:31.

Just found out that my cipher suite only included TLSv1.2 compatible ciphers for my version of openssl. Now using EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH thanks to https://cipherli.st :)

Looking for ejabberd docs?

[solved] Only TLS v1.2 enabled, no TLS v1 or 1.1

Here is the relevant part of

Just found out that my cipher

User login

Navigation