[jadmin] help with jabber1.4.3 and TLS ciphers config
Henry
2013-01-25 23:24:06 UTC
Hey guys I'm hoping you can help me with some configuration challenges
I'm having using TLS and specifying the ciphers in my jabber.xml file.

My goal is to only allow certain ciphers or pretty much disable all
ciphers except for 1 or 2.

My server is running Debian squeeze 6.0.4
Jabberd Version 1.4.3

From googling around, the only thing I found was someone saying you're
supposed to add the <tls> tag under <io> and inside you specify the
cipher with the <ciphers> tag. This is my current config:

<io>
my io config..
blah..
blah...

  <tls>
    <ciphers>AES_256_CBC</ciphers>
  </tls>

</io>


However, whenever I test it I am still able to connect using other ciphers:

  $ openssl s_client -connect <myserver>:5223 -tls1 -cipher EXP-RC4-MD5 2>&1 | grep Cipher
  New, TLSv1/SSLv3, Cipher is EXP-RC4-MD5
      Cipher : EXP-RC4-MD5

  $ openssl s_client -connect <myserver>:5223 -tls1 -cipher AES128-SHA 2>&1 | grep Cipher
  New, TLSv1/SSLv3, Cipher is AES128-SHA
      Cipher : AES128-SHA

  $ openssl s_client -connect <myserver>:5223 -tls1 -cipher DES-CBC-SHA 2>&1 | grep Cipher
  New, TLSv1/SSLv3, Cipher is DES-CBC-SHA
      Cipher : DES-CBC-SHA


I've also tried this because someone said it needs the <credentials>:

  <tls>
    <credentials>
      <ciphers>AES_256_CBC</ciphers>
    </credentials>
  </tls>

but that still allows a bunch of ciphers and debug doesn't really show
any errors or problems. At this point I'm pretty sure I'm missing
something.

Any help would be appreciated! Let me know if you need any other info.

Thanks!
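
Added example, not part of the original post: the per-cipher s_client check above, looped over a candidate list and compared against an allowlist, so any suite the server still accepts outside the intended set is flagged. The function names, the host:port argument and the allowlist value AES256-SHA (the OpenSSL name for the RSA AES-256-CBC-SHA suite) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a TLS listener's accepted ciphers against an allowlist.
# Function names and the sample allowlist are illustrative assumptions.

# Read `openssl s_client` output on stdin and print the negotiated cipher.
# Prints nothing when the handshake failed ("Cipher is (NONE)" or no such line).
negotiated_cipher() {
    sed -n 's/^New, .*Cipher is \(.*\)$/\1/p' | grep -v '^(NONE)$' | head -n 1
}

# Offer exactly one cipher to the server, as in the post's manual test.
# $1 = host:port, $2 = OpenSSL cipher name
probe() {
    openssl s_client -connect "$1" -tls1 -cipher "$2" </dev/null 2>&1
}

# $1 = host:port, $2 = space-separated allowlist (OpenSSL names),
# stdin = candidate ciphers, one per line.
# Prints OK/VIOLATION per accepted cipher; returns 1 if any violation was seen.
audit() {
    target=$1
    allowed=" $2 "
    bad=0
    while read -r c; do
        got=$(probe "$target" "$c" | negotiated_cipher)
        [ -n "$got" ] || continue          # server refused this cipher
        case "$allowed" in
            *" $got "*) echo "OK        $got" ;;
            *)          echo "VIOLATION $got"; bad=1 ;;
        esac
    done
    return $bad
}

# Live run: ./audit.sh myserver:5223 "AES256-SHA"
# Candidates are every suite the local OpenSSL build can offer.
if [ $# -ge 2 ]; then
    openssl ciphers 'ALL:eNULL' | tr ':' '\n' | audit "$1" "$2"
fi
```

A non-zero exit status means the server negotiated at least one suite outside the allowlist, which makes the script usable as a check after each configuration change.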