Difference between revisions of "Securing XMPP"

Jump to navigation Jump to search
1,241 bytes added ,  22:29, 19 May 2014
m
no edit summary
(→‎ejabberd: bug report from Klaus Seistrup)
m
Line 27: Line 27:
  {s2s_use_starttls, required}.
  {s2s_use_starttls, required}.
  {s2s_certfile, "/etc/ejabberd/ejabberd.pem"}.
  {s2s_certfile, "/etc/ejabberd/ejabberd.pem"}.
Further help:
* Homepage: [http://ejabberd.im/ ejabberd.im]
* Chatroom: [xmpp:ejabberd@conference.jabber.ru?join ejabberd@conference.jabber.ru]
* Documentation: [http://www.process-one.net/docs/ejabberd/guide_en.html ejabberd Installation and Operation Guide]


=== Prosody ===
=== Prosody ===
Line 34: Line 39:


Further help:
Further help:
* Homepage: [https://prosody.im/ Prosody IM]
* Chatroom: [https://prosody.im/chat/ prosody@conference.prosody.im]
* Chatroom: [https://prosody.im/chat/ prosody@conference.prosody.im]
* Documentation: [https://prosody.im/doc/security Prosody.IM: Security]
* Documentation: [https://prosody.im/doc/security Prosody.IM: Security]
=== Metronome ===
Ensure that ''metronome.cfg.lua'' contains the following settings in the global section of your config, or under the specific <code>VirtualHost</code> you want to secure:
  c2s_require_encryption = true
  s2s_require_encryption = true
Further help:
* Homepage: [http://www.lightwitch.org/metronome Metronome IM]
* Chatroom: [xmpp:grimoire@muc.metronome.im?join grimoire@muc.metronome.im]
* Documentation: [http://www.lightwitch.org/metronome/documentation lightwitch.org/metronome/documentation]


=== Tigase ===
=== Tigase ===
Line 49: Line 65:
In order to have improved security Tigase features [http://www.tigase.org/content/hardened-mode 'hardened mode'] which turns off workaround for SSL issues, turns off SSLv2, forces enabling more secure ciphers suites and also forces requirement of StartTLS.
In order to have improved security Tigase features [http://www.tigase.org/content/hardened-mode 'hardened mode'] which turns off workaround for SSL issues, turns off SSLv2, forces enabling more secure ciphers suites and also forces requirement of StartTLS.
  --hardened-mode=true
  --hardened-mode=true
Further help:
* Homepage: [http://www.tigase.org/ Tigase.org]
* Documentation: [http://www.tigase.org/admin-guide Admin guide]


=== Openfire ===
=== Openfire ===
Line 57: Line 77:
# Check the checkbox marked ''Accept self-signed certificates''
# Check the checkbox marked ''Accept self-signed certificates''
# Done!
# Done!
Further help:
* Homepage: [http://igniterealtime.org/projects/openfire/ Openfire]
* Chatroom: [xmpp:open_chat@conference.igniterealtime.org?join open_chat@conference.igniterealtime.org]
* Documentation: [http://igniterealtime.org/projects/openfire/documentation.jsp Openfire documentation]


== Step 3: Check your XMPP Security ==
== Step 3: Check your XMPP Security ==
[http://xmpp.net/ Test your XMPP security] to be sure.
[http://xmpp.net/ Test your XMPP security] to be sure.
199

edits

Navigation menu