ejabberd: Set ciphersuites and disable SSLv3 in ejabberd.yml

2015-11-10 19:02:29 +02:00 · 2015-11-10 19:02:29 +02:00 · 3bc9793a6c
commit 3bc9793a6c
parent b8b42cbafc
1 changed files with 12 additions and 0 deletions
--- a/ejabberd/templates/ejabberd.yml.erb
+++ b/ejabberd/templates/ejabberd.yml.erb
@ -18,6 +18,10 @@ listen:
    access: c2s
    starttls_required: true
    certfile: "/etc/ejabberd/ejabberd.pem"
+    ciphers: "<%= scope.lookupvar('ssl::ciphersuites::default_ciphersuites') %>"
+    protocol_options:
+      - "no_sslv2"
+      - "no_sslv3"
  -
 <% if @ipaddress6 -%>
    ip: "::"
@ -29,6 +33,10 @@ listen:
    access: c2s
    tls: true
    certfile: "/etc/ejabberd/ejabberd.pem"
+    ciphers: "<%= scope.lookupvar('ssl::ciphersuites::default_ciphersuites') %>"
+    protocol_options:
+      - "no_sslv2"
+      - "no_sslv3"
  -
 <% if @ipaddress6 -%>
    ip: "::"
@ -57,6 +65,10 @@ listen:
 s2s_access: s2s
 s2s_certfile: "/etc/ejabberd/ejabberd.pem"
 s2s_use_starttls: required
+s2s_ciphers: "<%= scope.lookupvar('ssl::ciphersuites::default_ciphersuites') %>"
+s2s_protocol_options:
+  - "no_sslv2"
+  - "no_sslv3"

 <% if @auth.is_a?(Array) -%>
 auth_method: