prosody
1937b3c3efb5
certs/openssl.cnf

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Annotate

certs/openssl.cnf @ 11540:1937b3c3efb5 0.11

mod_c2s, mod_s2s, mod_component, mod_bosh, mod_websockets: Set default stanza size limits c2s/bosh/ws streams will default to 256KB, s2s and components to 512KB. These values are aligned with ejabberd's default settings, which should reduce issues related to inconsistent size limits between servers on the XMPP network. The previous default (10MB) is excessive for any production server, and allows significant memory usage by even unauthenticated sessions.
author Matthew Wild <mwild1@gmail.com>
date Fri, 07 May 2021 17:03:49 +0100
parent 6922:e0672860d208
child 12604:bd9e006a7a74
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
3701
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
1 oid_section = new_oids
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
2
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
3 [ new_oids ]
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
4
5350
fba042a2c228 certs/openssl.cnf: Update XMPP-Core references to reflect RFC publication
Kim Alvefur <zash@zash.se>
parents: 4098
diff changeset
5 # RFC 6120 section 13.7.1.4. defines this OID
3701
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
6 xmppAddr = 1.3.6.1.5.5.7.8.5
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
7
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
8 # RFC 4985 defines this OID
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
9 SRVName = 1.3.6.1.5.5.7.8.7
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
10
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
11 [ req ]
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
12
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
13 default_bits = 4096
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
14 default_keyfile = example.com.key
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
15 distinguished_name = distinguished_name
6922
e0672860d208 cert/openssl.cnf: Split CSR and self-signed extensions into separate sections (see d2d7ad2563f9)
Kim Alvefur <zash@zash.se>
parents: 5350
diff changeset
16 req_extensions = certrequest
e0672860d208 cert/openssl.cnf: Split CSR and self-signed extensions into separate sections (see d2d7ad2563f9)
Kim Alvefur <zash@zash.se>
parents: 5350
diff changeset
17 x509_extensions = selfsigned
3701
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
18
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
19 # ask about the DN?
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
20 prompt = no
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
21
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
22 [ distinguished_name ]
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
23
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
24 commonName = example.com
3704
320738c67100 certs/openssl.cnf: Change countryName from UK to GB
Matthew Wild <mwild1@gmail.com>
parents: 3701
diff changeset
25 countryName = GB
3701
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
26 localityName = The Internet
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
27 organizationName = Your Organisation
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
28 organizationalUnitName = XMPP Department
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
29 emailAddress = xmpp@example.com
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
30
6922
e0672860d208 cert/openssl.cnf: Split CSR and self-signed extensions into separate sections (see d2d7ad2563f9)
Kim Alvefur <zash@zash.se>
parents: 5350
diff changeset
31 [ certrequest ]
3701
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
32
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
33 # for certificate requests (req_extensions)
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
34
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
35 basicConstraints = CA:FALSE
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
36 keyUsage = digitalSignature,keyEncipherment
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
37 extendedKeyUsage = serverAuth,clientAuth
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
38 subjectAltName = @subject_alternative_name
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
39
6922
e0672860d208 cert/openssl.cnf: Split CSR and self-signed extensions into separate sections (see d2d7ad2563f9)
Kim Alvefur <zash@zash.se>
parents: 5350
diff changeset
40 [ selfsigned ]
e0672860d208 cert/openssl.cnf: Split CSR and self-signed extensions into separate sections (see d2d7ad2563f9)
Kim Alvefur <zash@zash.se>
parents: 5350
diff changeset
41
e0672860d208 cert/openssl.cnf: Split CSR and self-signed extensions into separate sections (see d2d7ad2563f9)
Kim Alvefur <zash@zash.se>
parents: 5350
diff changeset
42 # and self-signed certificates (x509_extensions)
e0672860d208 cert/openssl.cnf: Split CSR and self-signed extensions into separate sections (see d2d7ad2563f9)
Kim Alvefur <zash@zash.se>
parents: 5350
diff changeset
43
e0672860d208 cert/openssl.cnf: Split CSR and self-signed extensions into separate sections (see d2d7ad2563f9)
Kim Alvefur <zash@zash.se>
parents: 5350
diff changeset
44 basicConstraints = CA:TRUE
e0672860d208 cert/openssl.cnf: Split CSR and self-signed extensions into separate sections (see d2d7ad2563f9)
Kim Alvefur <zash@zash.se>
parents: 5350
diff changeset
45 subjectAltName = @subject_alternative_name
e0672860d208 cert/openssl.cnf: Split CSR and self-signed extensions into separate sections (see d2d7ad2563f9)
Kim Alvefur <zash@zash.se>
parents: 5350
diff changeset
46
3701
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
47 [ subject_alternative_name ]
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
48
5350
fba042a2c228 certs/openssl.cnf: Update XMPP-Core references to reflect RFC publication
Kim Alvefur <zash@zash.se>
parents: 4098
diff changeset
49 # See http://tools.ietf.org/html/rfc6120#section-13.7.1.2 for more info.
3701
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
50
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
51 DNS.0 = example.com
4098
7d687c348295 certs/openssl.cnf: Specify output encoding.
Kim Alvefur <zash@zash.se>
parents: 3704
diff changeset
52 otherName.0 = xmppAddr;FORMAT:UTF8,UTF8:example.com
3701
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
53 otherName.1 = SRVName;IA5STRING:_xmpp-client.example.com
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
54 otherName.2 = SRVName;IA5STRING:_xmpp-server.example.com
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
55
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
56 DNS.1 = conference.example.com
4098
7d687c348295 certs/openssl.cnf: Specify output encoding.
Kim Alvefur <zash@zash.se>
parents: 3704
diff changeset
57 otherName.3 = xmppAddr;FORMAT:UTF8,UTF8:conference.example.com
3701
4f22615c8361 certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
58 otherName.4 = SRVName;IA5STRING:_xmpp-server.conference.example.com