File diff 0758b92e0638 → c1abe824342c
roles/xmpp_server/templates/prosody.cfg.lua.j2
 
@@ -55,13 +55,31 @@ c2s_ssl = {
 

	
 
-- Configure TLS protocol and ciphers for client-to-server
 
-- connections (direct TLS).
 
{% if ansible_distribution_release == "bullseye" %}
 
legacy_ssl_ssl = {
 
  protocol = "{{ xmpp_server_tls_protocol }}";
 
  ciphers = "{{ xmpp_server_tls_ciphers }}";
 
}
 
{% else %}
 
c2s_direct_tls_ssl = {
 
  protocol = "{{ xmpp_server_tls_protocol }}";
 
  ciphers = "{{ xmpp_server_tls_ciphers }}";
 
  -- @WORKAROUND: No DHE ciphers because dhparam is getting reset
 
  --
 
  --    There is a bug in Prosody 0.12.3 resulting in dhparam value
 
  --    from from global config getting ignored when domain SNI
 
  --    context is initalised on TCP port 5223. Define the parameter
 
  --    in within this configuration context as well to fix the issue.
 
  dhparam = "/etc/ssl/private/{{ ansible_fqdn }}_xmpp.dh.pem";
 
}
 
{% endif %}
 

	
 
-- Ports on which to have direct TLS/SSL.
 
{% if ansible_distribution_release == "bullseye" %}
 
legacy_ssl_ports = { 5223 }
 
{% else %}
 
c2s_direct_tls_ports = { 5223 }
 
{% endif %}
 

	
 
-- Force clients to use encrypted connection.
 
c2s_require_encryption = true
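Review bot: The `@WORKAROUND` comment inside `c2s_direct_tls_ssl` is hard to act on later: its title says "No DHE ciphers" while the body is about restoring `dhparam`, it contains slips ("from from", "initalised", "in within"), and it gives no condition for dropping the workaround. A clearer wording would be `-- @WORKAROUND: Prosody 0.12.3 ignores the global dhparam when the per-domain SNI context is set up on port 5223 (direct TLS), so it is repeated here. Re-check on Prosody upgrade.` The path `/etc/ssl/private/{{ ansible_fqdn }}_xmpp.dh.pem` presumably duplicates the value in the global TLS settings, which are outside this hunk; keeping it in a single role variable would stop the two from drifting apart and silently losing the DH parameters again. The bullseye `legacy_ssl_ssl` branch gets no `dhparam`, which is fine only if the Prosody version shipped there is unaffected, so a role test that checks a DHE suite negotiates on port 5223 on both releases would catch a regression.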