Difference between revisions of "Securing XMPP"

115 bytes added, 01:39, 11 September 2013
no edit summary
Line 4: Line 4:


==Current Goals==
==Current Goals==
The information on this page is designed to meet the following goals:


* encrypted connections between clients and servers (a.k.a. "c2s")
* encrypted connections between clients and servers (a.k.a. "c2s")
Line 19: Line 21:
===Get a server certificate===
===Get a server certificate===


we will use example.com for this example
We will use example.com to illustrate.
* order a certificate for example.com (not servername.example.com) from your CA. [http://startssl.com/ StartSSL] offers free certificates.
 
* order a certificate for example.com (not servername.example.com) from your preferred CA. For instance, [http://startssl.com/ StartSSL] offers free certificates.


===Configure your DNS===
===Configure your DNS===


Ensure that the following DNS records are set:
Ensure that the following DNS records are set:
  _xmpp-server._tcp.example.com. 18000 IN SRV 0 5 5269 servername.example.com.  
  _xmpp-server._tcp.example.com. 18000 IN SRV 0 5 5269 servername.example.com.  
  servername.example.com.        18000  A 10.10.10.10 # you must have an A record for your server
  servername.example.com.        18000  A 10.10.10.10 # you must have an A record for your server


You can test your DNS setup at http://protocol.buddycloud.com
You can test your DNS setup at http://protocol.buddycloud.com/


==Securing client connections==
==Securing client connections==


Unless you have a very good reason, there's really no good reason to have clients connecting in clear text to their XMPP server (like using telnet instead of ssh to maintain your server)
Unless you have a very good reason, there's really no good reason to have clients connecting in clear text to their XMPP server (remember, this is like using telnet instead of ssh to maintain your server).


The following settings ensure that only encrypted connections are accepted.
The following settings ensure that only encrypted connections are accepted.
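
Review bot: The "Configure your DNS" block in this hunk publishes only "_xmpp-server._tcp.example.com." (port 5269, server-to-server), although the certificate is ordered for example.com rather than servername.example.com and the next section is about client connections. While these lines are being touched, add the matching client record, for example "_xmpp-client._tcp.example.com. 18000 IN SRV 0 5 5222 servername.example.com.", so that clients of user@example.com are pointed at servername.example.com. The trailing "#" comment on the A record is not zone-file comment syntax (";" is), so that line cannot be pasted into a zone file as written. The reworded sentence under "Securing client connections" still reads "Unless you have a very good reason, there's really no good reason"; drop one of the two clauses. Both external links in the hunk (StartSSL and protocol.buddycloud.com) are plain http:// on a page about encrypting connections; link to https:// where the sites serve it.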