[Ach] question ejabberd
Aaron Zauner
azet at azet.org
Sat Dec 14 23:23:12 CET 2013
OTR is switched on per default in Adium. But yeah, that's pretty much it.
On Sat, Dec 14, 2013 at 7:34 PM, Pepi Zawodsky <pepi.zawodsky at maclemon.at>wrote:
>
> On 13.12.2013, at 18:04, Adi Kriegisch <adi at kriegisch.at> wrote:
> >> So, I have another question to the community of experts. How do I tell
> ejabberd to only use our cipher suite?
> > You can't... or wait, no, patch the source! ;-)
> >
> > Concerning the communication that doesn't matter that much as our
> > recommendation should be OTR (end-to-end security) anyways. So s2s should
> > not matter that much.
>
> Given Clients use OTR that would not matter as much, the reality sadly is
> that only few clients actually use OTR. (In any client I've seen this is
> turned off by default.)
>
> We should certainly emphasize that updating ejabberd is _absolutely_ key
> to getting better crypto support for any (c2s and s2s) connection. Most
> ejabberd installations are somwhere between fairly to terribly outdated.
> (Seems people fear to touch it ever again once they got it to work.)
> Best regards
> Pepi
>
> _______________________________________________
> Ach mailing list
> Ach at lists.cert.at
> http://lists.cert.at/cgi-bin/mailman/listinfo/ach
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cert.at/pipermail/ach/attachments/20131214/36b5d204/attachment.html>
More information about the Ach
mailing list