Listener Modules doc refactor #1527
Conversation
ludwikbukowski
commented
Oct 17, 2017
ludwikbukowski
commented
- changed default ciphers
- changed some default values
- removed "host" and "hosts" options in ejabberd_service docs
Those were removed in 4103892 commit and the "password" option was introduced.
ludwikbukowski
force-pushed
the
ejabberd-service-doc
branch
from
666d798
to
0d74fc9
Compare
| @@ -16,14 +16,15 @@ You only need to declare running `ejabberd_c2s`, to have the other 2 modules sta | |||
|
|
|||
| ### Configuration | |||
|
|
|||
| * `certfile` (string, default: no certfile will be used) - Path to the X509 PEM file with a certificate and a private key (not protected by a password). | |||
| * `certfile` (string, default: no certfile will be used) - Path to the X509 PEM file with a certificate and a private key (not protected by a password). If the certificate is signed by an intermediate CA, you should specify here the whole CA chain. | |||
There was a problem hiding this comment.
concatenate all public keys and the append private one.
I should put it in docs I guess
| * `starttls` (default: disabled) - Enables StartTLS support; requires `certfile`. | ||
| * `starttls_required` (default: disabled) - enforces StartTLS usage. | ||
| * `tls` (default: disabled) - enables the old SSL connection. |
There was a problem hiding this comment.
What does 'old' mean? (I know it but the reader might not :))
There was a problem hiding this comment.
you're right, its not informative - I just took it from ejabberd.cfg file [1]
Can be changed in both files then
[1] https://github.com/esl/MongooseIM/blob/master/rel/files/ejabberd.cfg#L238
| * `host` ( tuple: `{host, Domain, [{password, "password here"}]}`, optional when `hosts` present) - Only allowed domain for components, protected by password. | ||
| Must be set when `hosts` are not present. | ||
| * `shaper_rule` (atom, default: `fast`) - Connection shaper to use for incoming component traffic. | ||
| * `password` (string) - with this password the service is protected |
There was a problem hiding this comment.
_.' : `._
.-.'`. ; .'`.-.
__ / : ___\ ; /___ ; \ __
,'_ ""--.:__;".-.";: :".-.":__;.--"" _`,
:' `.t""--.. '<@.`;_ ',@>` ..--""j.' `;
`:-.._J '-.-'L__ `-- ' L_..-;'
"-.__ ; .-" "-. : __.-"
L ' /.------.\ ' J
"-. "--" .-"
__.l"-:_JL_;-";.__
.-j/'.; ;"""" / .'\"-.
.' /:`. "-.: .-" .'; `.
.-" / ; "-. "-..-" .-" : "-.
.+"-. : : "-.__.-" ;-._ \
; \ `.; ; : : "+. ;
: ; ; ; : ; : \:
: `."-; ; ; MIM : ; ,/;
; -: ; : ; : .-"' :
:\ \ : ; : \.-" :
;`. \ ; : ;.'_..-- / ;
: "-. "-: ; :/." .' :
\ .-`.\ /t-"" ":-+. :
`. .-" `l __/ /`. : ; ; \ ;
\ .-" .-"-.-" .' .'j \ / ;/
\ / .-" /. .'.' ;_:' ;
:-""-.`./-.' / `.___.'
\ `t ._ /
"-.t-._:'
fc63950
to
bcb8219
Compare
| @@ -20,10 +20,10 @@ You only need to declare running `ejabberd_c2s`, to have the other 2 modules sta | |||
| * `starttls` (default: disabled) - Enables StartTLS support; requires `certfile`. | |||
| * `starttls_required` (default: disabled) - enforces StartTLS usage. | |||
| * `zlib` (atom or a positive integer, default: disabled) - Enables ZLIB support, the integer value is a limit for a decompressed output size (to prevent successful [ZLIB bomb attack](http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/)); the limit can be disabled with an atom 'unlimited'. | |||
| * `ciphers` (string, default: as of OpenSSL 1.0.0 it's `ALL:!aNULL:!eNULL` [(source)](https://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS)) - cipher suites to use with StartTLS. | |||
| Please refer to the [OpenSSL documentation](http://www.openssl.org/docs/apps/ciphers.html) for the cipher string format. | |||
| * `ciphers` (string, default: as of OpenSSL 1.0.2 it's `ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2` [(source)](https://www.openssl.org/docs/man1.0.2/apps/ciphers.html#CIPHER_STRINGS)) - cipher suites to use with StartTLS. | |||
There was a problem hiding this comment.
!EXPORT:!LOW:!SSLv2:!aNULL:!eNULL:!IDEA:!RC4:!3DES:!SSLv3:!SSLv2:!DSS:!SRP:!PSK
There was a problem hiding this comment.
ECDHE-RSA-AES256-SHA:HIGH:!AESGCM:!CAMELLIA:!3DES:!EDH:!EXPORT:!MD5:!PSK:!RC4:!SRP:!aNULL:!eNULL
|
Some ciphers are insecure or obsolete. |
|
5811.1 / Erlang 19.3 / small_tests / 9924bee 5811.3 / Erlang 19.3 / mysql_redis / 9924bee 5811.2 / Erlang 19.3 / internal_mnesia / 9924bee mod_global_distrib_SUITE:mod_global_distrib:test_pm_with_ungraceful_reconnection_to_different_server{error,
{timeout_when_waiting_for_stanza,
[{escalus_client,wait_for_stanza,
[{client,<<"eve34.261857@localhost/res1">>,escalus_tcp,
<0.13137.1>,
[{event_manager,<0.13128.1>},
{server,<<"localhost">>},
{username,<<"eve34.261857">>},
{resource,<<"res1">>}],
[{event_client,
[{event_manager,<0.13128.1>},
{server,<<"localhost">>},
{username,<<"eve34.261857">>},
{resource,<<"res1">>}]},
{resource,<<"res1">>},
{username,<<"eve34.261857">>},
{server,<<"localhost">>},
{host,<<"localhost">>},
{port,5222},
{auth,{escalus_auth,auth_plain}},
{wspath,undefined},
{username,<<"eve34.261857">>},
{server,<<"localhost">>},
{password,<<"password">>},
{port,5222},
{stream_management,true},
{stream_id,<<"A34EE5CCE4F3A5D1">>}]},
10000],
[{file,
"/home/travis/build/esl/MongooseIM/big_tests/_build/default/lib/escalus/src/escalus_client.erl"},
{line,138}]},
{mod_global_distrib_SUITE,
'-test_pm_with_ungraceful_reconnection_to_different_server/1-fun-0-',
4,
[{file,"mod_global_distrib_SUITE.erl"},{line,607}]},
{escalus_story,story,4,
[{file,
"/home/travis/build/esl/MongooseIM/big_tests/_build/default/lib/escalus/src/escalus_story.erl"},
{line,72}]},
...mod_global_distrib_SUITE:mod_global_distrib:test_pm_with_ungraceful_reconnection_to_different_server{error,
{timeout_when_waiting_for_stanza,
[{escalus_client,wait_for_stanza,
[{client,<<"eve73.559626@localhost/res1">>,escalus_tcp,
<0.13601.1>,
[{event_manager,<0.13592.1>},
{server,<<"localhost">>},
{username,<<"eve73.559626">>},
{resource,<<"res1">>}],
[{event_client,
[{event_manager,<0.13592.1>},
{server,<<"localhost">>},
{username,<<"eve73.559626">>},
{resource,<<"res1">>}]},
{resource,<<"res1">>},
{username,<<"eve73.559626">>},
{server,<<"localhost">>},
{host,<<"localhost">>},
{port,5222},
{auth,{escalus_auth,auth_plain}},
{wspath,undefined},
{username,<<"eve73.559626">>},
{server,<<"localhost">>},
{password,<<"password">>},
{port,5222},
{stream_management,true},
{stream_id,<<"15666256FD9FF2A8">>}]},
10000],
[{file,
"/home/travis/build/esl/MongooseIM/big_tests/_build/default/lib/escalus/src/escalus_client.erl"},
{line,138}]},
{mod_global_distrib_SUITE,
'-test_pm_with_ungraceful_reconnection_to_different_server/1-fun-0-',
4,
[{file,"mod_global_distrib_SUITE.erl"},{line,607}]},
{escalus_story,story,4,
[{file,
"/home/travis/build/esl/MongooseIM/big_tests/_build/default/lib/escalus/src/escalus_story.erl"},
{line,72}]},
...5811.6 / Erlang 19.3 / elasticsearch_and_cassandra_mnesia / 9924bee 5811.4 / Erlang 19.3 / odbc_mssql_mnesia / 9924bee 5811.5 / Erlang 19.3 / ldap_mnesia / 9924bee mod_global_distrib_SUITE:mod_global_distrib:test_pm_with_ungraceful_reconnection_to_different_server{error,
{timeout_when_waiting_for_stanza,
[{escalus_client,wait_for_stanza,
[{client,<<"eve96.792394@localhost/res1">>,escalus_tcp,
<0.12153.1>,
[{event_manager,<0.12144.1>},
{server,<<"localhost">>},
{username,<<"eve96.792394">>},
{resource,<<"res1">>}],
[{event_client,
[{event_manager,<0.12144.1>},
{server,<<"localhost">>},
{username,<<"eve96.792394">>},
{resource,<<"res1">>}]},
{resource,<<"res1">>},
{username,<<"eve96.792394">>},
{server,<<"localhost">>},
{host,<<"localhost">>},
{port,5222},
{auth,{escalus_auth,auth_plain}},
{wspath,undefined},
{username,<<"eve96.792394">>},
{server,<<"localhost">>},
{password,<<"password">>},
{port,5222},
{stream_management,true},
{stream_id,<<"1829E8DB2E981BA7">>}]},
10000],
[{file,
"/home/travis/build/esl/MongooseIM/big_tests/_build/default/lib/escalus/src/escalus_client.erl"},
{line,138}]},
{mod_global_distrib_SUITE,
'-test_pm_with_ungraceful_reconnection_to_different_server/1-fun-0-',
4,
[{file,"mod_global_distrib_SUITE.erl"},{line,607}]},
{escalus_story,story,4,
[{file,
"/home/travis/build/esl/MongooseIM/big_tests/_build/default/lib/escalus/src/escalus_story.erl"},
{line,72}]},
...5811.8 / Erlang 20.0 / pgsql_mnesia / 9924bee 5811.9 / Erlang 21.0 / riak_mnesia / 9924bee 5811.2 / Erlang 19.3 / internal_mnesia / 9924bee |
Codecov Report
@@ Coverage Diff @@
## master #1527 +/- ##
==========================================
- Coverage 76.91% 76.59% -0.32%
==========================================
Files 323 323
Lines 28116 28173 +57
==========================================
- Hits 21626 21580 -46
- Misses 6490 6593 +103
Continue to review full report at Codecov.
|
| * `certfile` (string, default: no certfile will be used) - Path to the X509 PEM file with a certificate and a private key (not protected by a password). | ||
| If the certificate is signed by an intermediate CA, you should specify here the whole CA chain by concatenating all public keys together and appending private key after that. |
There was a problem hiding this comment.
If the certificate is signed by an intermediate CA, you should specify here the whole CA chain by concatenating all public keys together and appending the private key after that.
