Diffstat (limited to 'doc/source/misc/ssl.rst')
-rw-r--r-- | doc/source/misc/ssl.rst | 24 |
1 files changed, 20 insertions, 4 deletions
diff --git a/doc/source/misc/ssl.rst b/doc/source/misc/ssl.rst index f4995f3f..0f7ecd52 100644 --- a/doc/source/misc/ssl.rst +++ b/doc/source/misc/ssl.rst @@ -1,9 +1,24 @@ -TLS Management -============== +TLS in poezio +============= + +.. _security settings: Security of the connection ~~~~~~~~~~~~~~~~~~~~~~~~~~ +Enabling or disabling TLS +------------------------- + +Starting from version 0.8, poezio is configured to reject unencrypted connections +by default, in accordance to the `TLS manifesto`_. Users can still allow +unencrypted connections by setting the :term:`force_encryption` option to false. + +If you cannot connect to your server, maybe it does not allow encrypted connections, +in which case you should reconfigure it if it is yours, or contact your admin +to let him know he should try to protect your privacy and credentials, at least +a little. + + .. _ciphers: Ciphers @@ -23,8 +38,8 @@ case, you should notify the administrator that his XMPP server configuration is probably not great), or if you want to be even more restrictive (only allowing 256 bits of security *and* forward secrecy, for example). -Cert valididty -~~~~~~~~~~~~~~ +Certificate validation +~~~~~~~~~~~~~~~~~~~~~~ Starting from version 0.7.5, poezio offers some options to check the validity of a X.509 certificate. @@ -84,3 +99,4 @@ can set the :term:`ignore_certificate` value to true, and let the .. _Forward Secrecy: https://en.wikipedia.org/wiki/Forward_secrecy .. _TOFU/TUFU: https://en.wikipedia.org/wiki/User:Dotdotike/Trust_Upon_First_Use .. _PEM format: https://tools.ietf.org/html/rfc1422.html +.. _TLS manifesto: https://github.com/stpeter/manifesto/blob/master/manifesto.txt |
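Review bot: in the first hunk (@@ -1,9 +1,24 @@), the new "Enabling or disabling TLS" text tells users they can set force_encryption to false but never states what that costs. Suggest adding one sentence saying that with the option off the session, and depending on the authentication mechanism the password, is exposed to anyone on the network path, so the setting reads as a last resort rather than a routine troubleshooting step. Two wording points in the same paragraph: "in accordance to" should be "in accordance with", and "let him know he should" would read better as "let them know they should".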
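Review bot: in the second hunk (@@ -23,8 +38,8 @@), the retitled "Certificate validation" section has no explicit label, unlike "Ciphers" (".. _ciphers:") and "Security of the connection" (".. _security settings:") in the first hunk. Renaming the title changes the section's implicit target and generated anchor, so any reference to the old "Cert valididty" title stops resolving; suggest adding a label above the heading and searching the docs for the old title. While touching this area, the context line "a X.509 certificate" should read "an X.509 certificate".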
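Review bot: in the last hunk (@@ -84,3 +99,4 @@), the new "TLS manifesto" target points at "blob/master", a branch URL whose content can change or move after this page is published. Suggest linking to a commit-pinned permalink so the text the documentation says poezio follows is the same text readers get.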