@@ -55,13 +55,31 @@ c2s_ssl = {
-- Configure TLS protocol and ciphers for client-to-server
-- connections (direct TLS).
{% if ansible_distribution_release == "bullseye" %}
legacy_ssl_ssl = {
protocol = "{{ xmpp_server_tls_protocol }}";
ciphers = "{{ xmpp_server_tls_ciphers }}";
}
{% else %}
c2s_direct_tls_ssl = {
-- @WORKAROUND: No DHE ciphers because dhparam is getting reset
--
-- There is a bug in Prosody 0.12.3 resulting in dhparam value
-- from from global config getting ignored when domain SNI
-- context is initalised on TCP port 5223. Define the parameter
-- in within this configuration context as well to fix the issue.
dhparam = "/etc/ssl/private/{{ ansible_fqdn }}_xmpp.dh.pem";
{% endif %}
-- Ports on which to have direct TLS/SSL.
legacy_ssl_ports = { 5223 }
c2s_direct_tls_ports = { 5223 }
-- Force clients to use encrypted connection.
c2s_require_encryption = true