@@ -44,6 +44,8 @@ allow_registration = false;
ssl = {
key = "/etc/ssl/private/{{ xmpp_tls_key | basename }}";
certificate = "/etc/ssl/certs/{{ xmpp_tls_certificate | basename }}";
prosody = "tlsv1_2";
ciphers = "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:!aNULL:!MD5:!EXPORT;"
}
-- Ports on which to have direct TLS/SSL.