Table of Contents

mod_tls

Enables SSL/TLS encryption on connected streams.

Details

mod_tls implements TLS as described in XMPP Core. For information on obtaining and configuring certificates, see our documentation on certificates.

Usage

    modules_enabled = {
        -- Other modules
        "tls"; -- Enable mod_tls
    }

Configuration

Option Default Notes
c2s_require_encryption false Whether to force all client-to-server connections to be encrypted or not
s2s_require_encryption false Whether to force all server-to-server connections to be encrypted or not (you may also want to enforce certificate authentication - see s2s security for more info)

These options will cause Prosody to deny connections that are not encrypted. Note that some servers do not support s2s encryption or have it disabled, including gmail.com and Google Apps domains.

Example

    modules_enabled = {
        -- Other modules
        "tls"; -- Enable mod_tls
    }
 
    c2s_require_encryption = true
    s2s_require_encryption = true