In ejabberd 14.05 we have new "tls_options" config option.
I havent found any docs on it.
I want to deny usage of outdated sslv3 protocol, possibly also tlsv1.
Whats the correct way to do it ?
Looking for ejabberd docs?
To access the most up-to-date ejabberd documentation, please visit docs.ejabberd.im »
tls_options
Submitted by bolvan on Sat, 2014-07-19 06:19
By now i solved my task by
By now i solved my task by slightly modifying p1_tls_drv.so
git clone
p1_tls_drv.c :
----------------------------------------------------
#ifdef SSL_OP_NO_COMPRESSION
<------> if (flags & COMPRESSION_NONE)
<------> SSL_set_options(d->ssl, SSL_OP_NO_COMPRESSION);
#endif
// MODDED
SSL_set_options(d->ssl, SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2);
<------> SSL_set_ex_data(d->ssl, ssl_index, d);
----------------------------------------------------
compile
replace lib/ejabberd-14.05/priv/lib/p1_tls_drv.so
This is dumb but it works.