Site (RSS, Atom)
Weblog status
Total entries: 50
Last entry: 2016-10-17 22:22:03
Last updated: 2016-10-18 07:57:57
powered by vim, bash, cat, grep, sed, and nb 3.4.2

2014-11-20 23:50:18

jabberd with FS and without SSL3

This post is an update to my post about enabling forward secrecy in jabberd.

If you use a stock Red Hat / Centos 5 OpenSSL package then you will maybe notice that SSL3 is still enabled. This will be "punished" by the IM Observatory. In order to manually disable the ancient SSLv2 and SSLv3 protocols you just need an extra call of SSL_CTX_set_options.

This is included in a new version of the forward secrecy patch. A binary RPM package for RHEL / Centos 5 and a source RPM package are also available.

If you use the additional OpenSSL 1.0.1 package on RHEL / Centos 5 then you should use the special jabberd-openssl1 package (SRPM) which gives you also TLS 1.1 and TLS 1.2 and even more points on the IM Observatory.

Update 2015-08-09: The package is included in the tuxad repo.

Posted by Frank W. Bergmann | Permanent link | File under: c, ssl, encryption, rpm, yum, repository, redhat, openssl, jabber