Difference between revisions of "Securing XMPP"

8 bytes added, 16:51, 26 December 2023
m
no edit summary
(→‎Prosody: Encryption is required now and random configuration snippets on the interwebs is considered harmful)
m
 
(One intermediate revision by one other user not shown)
Line 10: Line 10:


=== Step1: Get a server certificate===
=== Step1: Get a server certificate===
Let's say you run an XMPP service for <code>example.net</code> (jids of user@example.net), you will need to order a certificate for with a subject or alt-name of <code>example.net</code> (not <code>server.example.net</code>) from your preferred cert provider. The certificate should also include alt-names for subomains such as <code>conference.example.net</code>, at least for services that should be accessible to remote users.
Let's say you run an XMPP service for <code>domain.tld</code> (jids of user@domain.tld), you will need to order a certificate for with a subject or alt-name of <code>domain.tld</code> (not <code>server.domain.tld</code>) from your preferred cert provider. The certificate should also include alt-names for subomains such as <code>conference.domain.tld</code>, at least for services that should be accessible to remote users.


=== Step 2: Disable cleartext connections ===
=== Step 2: Disable cleartext connections ===
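Review bot: In the changed Step 1 paragraph, the new placeholder <code>domain.tld</code> is not a reserved documentation name, whereas the <code>example.net</code> it replaces is reserved for documentation by RFC 2606, so I would keep <code>example.net</code> throughout (including <code>conference.example.net</code> and the JID example). The line being touched also still reads "order a certificate for with a subject" (stray "for") and "subomains" (should be "subdomains"); both are worth fixing in the same revision.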
Line 42: Line 42:


==== Prosody ====
==== Prosody ====
Prosody is secure by default, as of version 0.12.x no changes to the default configuration is required to enable or enforce encrypted connections.
Prosody is aiming to be secure by default, as of version 0.12.x no changes to the default configuration is required to enable or enforce encrypted connections.


Further help:
Further help:
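Review bot: On the changed Prosody line, "is aiming to be secure by default" hedges the opening while the rest of the sentence still asserts that as of 0.12.x no configuration change is needed to enable or enforce encrypted connections, so a reader cannot tell whether encryption is actually enforced out of the box. State the concrete behaviour first and keep any hedge in its own sentence, for example "As of version 0.12.x, the default Prosody configuration enables and enforces encrypted connections; no changes are required." That wording also fixes the comma splice and the agreement error in "no changes ... is required", and matches the earlier edit summary's "Encryption is required now".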