[Operators] Please enable Forward Secrecy for your servers!

Mike Barnes mike at bremensaki.com
Fri Jul 10 11:11:57 UTC 2015


Do you have any details on which client software and versions you've
tested, Mathias? I've been looking at doing this but I've been more
concerned about the client experience than s2s issues.

You say "very few" users had issues - what was your sample size? It's
really hard to get in touch with a user if you stop their connection
from working, so I'd be really hesitant to jump into something like
this without a lot of warning and publishing required minimum version
information somewhere for them.

On 10 July 2015 at 20:07, Peter Schwindt <operators at schwindt-net.de> wrote:
> Dear *,
>
> On 07/10/2015 11:47 AM, Mathias Ertl wrote:
>
>> We at jabber.at would like to announce that we will exclusively support
>> forward secrecy[1] enabled ciphers starting *October 1st, 2015*. Servers
>> that do not support any of those ciphers by then, will not be able to
>> federate with us until they upgrade.
>
> Thanks, Mathias, for rising this issue.
>
> We're going that mentioned way on jabber.ccc.de, too - but might start
> even earlier. So be warned :)
>
>
> Greetings,
> Peter


More information about the Operators mailing list