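# Only allow TLS 1.2 and TLS 1.3: SSLv3, TLS 1.0 and TLS 1.1 are switched off
# through TLS_OPTIONS below.
define_macro:
  # Cipher string shared by c2s and s2s. Every suite uses ECDHE key exchange
  # (forward secrecy). AEAD suites (AES-GCM, ChaCha20-Poly1305) come first,
  # followed by four CBC-mode suites with SHA-256/SHA-384 MACs.
  # NOTE(review): the CBC suites are presumably kept for older TLS 1.2 peers;
  # drop them if every client and federated server negotiates an AEAD suite.
  # NOTE(review): all names here are TLS 1.2 suites. TLS 1.3 suites are
  # typically not selected by this kind of cipher string, so TLS 1.3
  # presumably falls back to the TLS library defaults - confirm with a scan
  # of the running server.
  'TLS_CIPHERS': "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"
  'TLS_OPTIONS':
    - "no_sslv3"  # refuse SSLv3
    - "no_tlsv1"  # refuse TLS 1.0
    - "no_tlsv1_1"  # refuse TLS 1.1
    - "cipher_server_preference"  # the server's cipher order wins
    - "no_compression"  # no TLS-level compression

# Apply the same ciphers and protocol options to client-to-server (c2s) and
# server-to-server (s2s) connections.
# NOTE(review): these keys only set TLS parameters. Whether clients are forced
# to use TLS at all is decided on the c2s listener (starttls_required), which
# is not part of this snippet - check it there.
c2s_ciphers: 'TLS_CIPHERS'
s2s_ciphers: 'TLS_CIPHERS'
c2s_protocol_options: 'TLS_OPTIONS'
s2s_protocol_options: 'TLS_OPTIONS'

# Refuse unencrypted server-to-server links.
# NOTE(review): this enforces encryption; nothing in this snippet shows how
# the remote server's certificate is validated - confirm how s2s peers are
# authenticated in the rest of the configuration.
s2s_use_starttls: required

# Certificate chain and private key loaded by the server.
# key.pem is the private key: keep it readable by the ejabberd service
# account only, and keep it out of version control and backups that other
# users can read.
certfiles:
  - /etc/ssl/ejabberd/fullchain.pem
  - /etc/ssl/ejabberd/key.pem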