path: root/doc/source/misc/ssl.rst
author mathieui <mathieui@mathieui.net> 2014-02-14 01:37:18 +0100
committer mathieui <mathieui@mathieui.net> 2014-02-14 01:37:18 +0100
commit 77811e91b4bb78e25ab6b9c7de04586bf3c784f3
tree c2642587114f4ad6b118a79be2afde8ccb3a2cd3 /doc/source/misc/ssl.rst
parent 384fd3e029d0910a9be5165375b446a2ace17bd0
Documentation update
Diffstat (limited to 'doc/source/misc/ssl.rst')
-rw-r--r-- doc/source/misc/ssl.rst | 24
1 files changed, 20 insertions, 4 deletions
diff --git a/doc/source/misc/ssl.rst b/doc/source/misc/ssl.rst
index f4995f3f..0f7ecd52 100644
--- a/doc/source/misc/ssl.rst
+++ b/doc/source/misc/ssl.rst
@@ -1,9 +1,24 @@
-TLS Management
-==============
+TLS in poezio
+=============
+
+.. _security settings:
Security of the connection
~~~~~~~~~~~~~~~~~~~~~~~~~~
+Enabling or disabling TLS
+-------------------------
+
+Starting from version 0.8, poezio is configured to reject unencrypted connections
+by default, in accordance to the `TLS manifesto`_. Users can still allow
+unencrypted connections by setting the :term:`force_encryption` option to false.
+
+If you cannot connect to your server, maybe it does not allow encrypted connections,
+in which case you should reconfigure it if it is yours, or contact your admin
+to let him know he should try to protect your privacy and credentials, at least
+a little.
+
+
.. _ciphers:
Ciphers
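Review bot: in the new "Enabling or disabling TLS" section, the sentence that tells users to set :term:`force_encryption` to false does not say what they give up by doing so. Suggest adding a clause stating that with the option off the connection can proceed unencrypted, so the privacy and credentials mentioned in the next paragraph are no longer protected, and that the default should be kept otherwise. Two wording nits in the same hunk: "in accordance to" should read "in accordance with", and "let him know he should" would read better as "let them know they should".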
@@ -23,8 +38,8 @@ case, you should notify the administrator that his XMPP server configuration
is probably not great), or if you want to be even more restrictive (only allowing
256 bits of security *and* forward secrecy, for example).
-Cert valididty
-~~~~~~~~~~~~~~
+Certificate validation
+~~~~~~~~~~~~~~~~~~~~~~
Starting from version 0.7.5, poezio offers some options to check the validity
of a X.509 certificate.
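Review bot: the renamed "Certificate validation" heading has no explicit label above it, unlike the `.. _security settings:` and `.. _ciphers:` targets earlier in this file, so any reference that relied on the old "Cert valididty" title would stop resolving. Suggest adding a label such as `.. _certificate validation:` before the heading and checking the rest of the docs for links to the old title. While this section is being touched, "a X.509 certificate" in the context line below the heading should be "an X.509 certificate".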
@@ -84,3 +99,4 @@ can set the :term:`ignore_certificate` value to true, and let the
.. _Forward Secrecy: https://en.wikipedia.org/wiki/Forward_secrecy
.. _TOFU/TUFU: https://en.wikipedia.org/wiki/User:Dotdotike/Trust_Upon_First_Use
.. _PEM format: https://tools.ietf.org/html/rfc1422.html
+.. _TLS manifesto: https://github.com/stpeter/manifesto/blob/master/manifesto.txt
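Review bot: the added `TLS manifesto` target links to `blob/master/manifesto.txt`, which follows a branch and can change or move after this documentation is published. Suggest linking to a fixed revision of the file, so that the text poezio says it follows stays the one readers actually see.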