prosody
1937b3c3efb5
certs/openssl.cnf

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

File

certs/openssl.cnf @ 11540:1937b3c3efb5 0.11

mod_c2s, mod_s2s, mod_component, mod_bosh, mod_websockets: Set default stanza size limits c2s/bosh/ws streams will default to 256KB, s2s and components to 512KB. These values are aligned with ejabberd's default settings, which should reduce issues related to inconsistent size limits between servers on the XMPP network. The previous default (10MB) is excessive for any production server, and allows significant memory usage by even unauthenticated sessions.
author Matthew Wild <mwild1@gmail.com>
date Fri, 07 May 2021 17:03:49 +0100
parent 6922:e0672860d208
child 12604:bd9e006a7a74
line wrap: on
line source

oid_section = new_oids

[ new_oids ]

# RFC 6120 section 13.7.1.4. defines this OID
xmppAddr = 1.3.6.1.5.5.7.8.5

# RFC 4985 defines this OID
SRVName  = 1.3.6.1.5.5.7.8.7

[ req ]

default_bits       = 4096
default_keyfile    = example.com.key
distinguished_name = distinguished_name
req_extensions     = certrequest
x509_extensions    = selfsigned

# ask about the DN?
prompt = no

[ distinguished_name ]

commonName             = example.com
countryName            = GB
localityName           = The Internet
organizationName       = Your Organisation
organizationalUnitName = XMPP Department
emailAddress           = xmpp@example.com

[ certrequest ]

# for certificate requests (req_extensions)

basicConstraints = CA:FALSE
keyUsage         = digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth,clientAuth
subjectAltName   = @subject_alternative_name

[ selfsigned ]

# and self-signed certificates (x509_extensions)

basicConstraints = CA:TRUE
subjectAltName = @subject_alternative_name

[ subject_alternative_name ]

# See http://tools.ietf.org/html/rfc6120#section-13.7.1.2 for more info.

DNS.0       =                                           example.com
otherName.0 =                 xmppAddr;FORMAT:UTF8,UTF8:example.com
otherName.1 =            SRVName;IA5STRING:_xmpp-client.example.com
otherName.2 =            SRVName;IA5STRING:_xmpp-server.example.com

DNS.1       =                                conference.example.com
otherName.3 =      xmppAddr;FORMAT:UTF8,UTF8:conference.example.com
otherName.4 = SRVName;IA5STRING:_xmpp-server.conference.example.com