[Operators] S2S problems

Mathias Ertl mati at fsinf.at
Thu Sep 19 09:15:28 UTC 2013


On Sat, Sep 14, 2013 at 08:49:09PM +0700, Aryo Sandiyudo wrote:
> Interesting blog post, this will be a tremendous input for people who
> manage an XMPP server, XMPP server developers and XMPP client developers.
> Good job!

A *very* interesting, and also frustrating, blogpost indeed.

I am the admin of jabber.at (operators might also take note of
https://list.jabber.at for another list of jabber servers ;-)), one of the
servers getting the top score of 93/100 in both c2s and s2s security.

The post is frustrating because: I didn't do anything really that special to
set up our server (apart from an up-to-date ejabberd version, but even
Debian Stable is only a few minor points behind). No complicated cipher
configuration or anything, it's a normal Ubuntu 12.04 LTS installation. Why
do almost all other servers score so much worse, even those with valid
certificates?

According to that list, 30 servers use Linux 2.6.32. This version ships
with Ubuntu 10.04 and Debian oldstable, so I guess most of these use these
two versions. So those could be explained with old versions of OpenSSL.
Together with the many outdated certificates, this gives a not-so-good
picture of the state of the XMPP network. Please update your systems!
Update your certificates!

I guess I will do a blog-post on a more secure setup. I hope I contribute
to a more secure XMPP network.

greetings Mati

-- 
I only read plain text mail! I prefer pgp|gpg signed & encrypted mails!