From 3bc9793a6c68bb55bad3bded20aab98cb8fab0d8 Mon Sep 17 00:00:00 2001
From: Ossi Salmi <osalmi@iki.fi>
Date: Tue, 10 Nov 2015 19:02:29 +0200
Subject: [PATCH] ejabberd: Set ciphersuites and disable SSLv3 in ejabberd.yml

---
 ejabberd/templates/ejabberd.yml.erb | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/ejabberd/templates/ejabberd.yml.erb b/ejabberd/templates/ejabberd.yml.erb
index 984be7d..33e0b8d 100644
--- a/ejabberd/templates/ejabberd.yml.erb
+++ b/ejabberd/templates/ejabberd.yml.erb
@@ -18,6 +18,10 @@ listen:
     access: c2s
     starttls_required: true
     certfile: "/etc/ejabberd/ejabberd.pem"
+    ciphers: "<%= scope.lookupvar('ssl::ciphersuites::default_ciphersuites') %>"
+    protocol_options:
+      - "no_sslv2"
+      - "no_sslv3"
   -
 <% if @ipaddress6 -%>
     ip: "::"
@@ -29,6 +33,10 @@ listen:
     access: c2s
     tls: true
     certfile: "/etc/ejabberd/ejabberd.pem"
+    ciphers: "<%= scope.lookupvar('ssl::ciphersuites::default_ciphersuites') %>"
+    protocol_options:
+      - "no_sslv2"
+      - "no_sslv3"
   -
 <% if @ipaddress6 -%>
     ip: "::"
@@ -57,6 +65,10 @@ listen:
 s2s_access: s2s
 s2s_certfile: "/etc/ejabberd/ejabberd.pem"
 s2s_use_starttls: required
+s2s_ciphers: "<%= scope.lookupvar('ssl::ciphersuites::default_ciphersuites') %>"
+s2s_protocol_options:
+  - "no_sslv2"
+  - "no_sslv3"
 
 <% if @auth.is_a?(Array) -%>
 auth_method: