From bdcb7e1709c1496d585df5d0bc714ce00fb6f0c8 Mon Sep 17 00:00:00 2001 From: mguschin Date: Wed, 4 Feb 2026 13:52:52 +0300 Subject: [PATCH] Fixed tls config.. --- data/prosody/configuration/prosody.cfg.lua | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/data/prosody/configuration/prosody.cfg.lua b/data/prosody/configuration/prosody.cfg.lua index 53087b3..a57c547 100644 --- a/data/prosody/configuration/prosody.cfg.lua +++ b/data/prosody/configuration/prosody.cfg.lua @@ -55,10 +55,17 @@ component_ports = { 5347 } http_ports = { 5280 } https_ports = { 5281 } --- Disable TLS on c2s/s2s by default for docker -c2s_require_encryption = false +-- Require TLS on c2s/s2s connections +c2s_require_encryption = true s2s_require_encryption = false +-- TLS/SSL options for all connections +ssl = { + protocol = "tlsv1_2+"; + ciphers = "HIGH:!aNULL:!MD5"; + options = { "no_sslv2", "no_sslv3", "no_compression", "cipher_server_preference" }; +} + -- Disable SASLauth external authentication authentication = "internal_plain"