Software /
code /
prosody-modules
Comparison
mod_tls_policy/README.markdown @ 1843:032b209bb8ff
mod_tls_policy/README: Reflow and strip trailing whitespace (pandoc thougt it meant explicit line breaks)
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sat, 12 Sep 2015 21:04:43 +0200 |
parent | 1842:98ad01cc83cf |
child | 1845:ad24f8993385 |
comparison
equal
deleted
inserted
replaced
1842:98ad01cc83cf | 1843:032b209bb8ff |
---|---|
1 % Cipher policy enforcement with application level error reporting | 1 % Cipher policy enforcement with application level error reporting |
2 | 2 |
3 # Introduction | 3 # Introduction |
4 | 4 |
5 This module arose from discussions at the XMPP Summit about enforcing | 5 This module arose from discussions at the XMPP Summit about enforcing |
6 better ciphers in TLS. It may seem attractive to disallow some | 6 better ciphers in TLS. It may seem attractive to disallow some insecure |
7 insecure ciphers or require forward secrecy, but doing this at the TLS | 7 ciphers or require forward secrecy, but doing this at the TLS level |
8 level would the user with an unhelpful "Encryption failed" message. | 8 would the user with an unhelpful "Encryption failed" message. This |
9 This module does this enforcing at the application level, allowing | 9 module does this enforcing at the application level, allowing better |
10 better error messages. | 10 error messages. |
11 | 11 |
12 # Configuration | 12 # Configuration |
13 | 13 |
14 First, download and add the module to `module_enabled`. Then you can | 14 First, download and add the module to `module_enabled`. Then you can |
15 decide on what policy you want to have. | 15 decide on what policy you want to have. |
16 | 16 |
17 Requiring ciphers with forward secrecy is the most simple to set up. | 17 Requiring ciphers with forward secrecy is the most simple to set up. |
18 | 18 |
19 ``` lua | 19 ``` lua |