[jdev] Securing XMPP

Dave Cridland dave at cridland.net
Fri Sep 6 20:24:39 UTC 2013


On Fri, Sep 6, 2013 at 7:16 PM, Thijs Alkemade <thijs at xnyhps.nl> wrote:

> However, a large number of clients do not prioritize (EC)DHE above the non-
> ephemeral variants. To enforce that these are used, it is therefore
> required
> to either disable all non-ephemeral suites or configure the server to
> override
> the client's order with the server's order.
>

I may be talking rubbish, but shouldn't the server be overriding the
client's order by default anyway?

In other news, there's a lengthy discussion on use of ADH and
unauthenticated TLS in general - we;ve previously considered this largely
worthless, but using it forces an outside agency trying to "dragnet" to
MITM every connection, which raises significant overhead.

Dave.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/jdev/attachments/20130906/7463ed0a/attachment.html>


More information about the JDev mailing list