diff options
| author | Kim Alvefur <zash@zash.se> | 2022-01-21 17:59:19 +0100 |
|---|---|---|
| committer | Kim Alvefur <zash@zash.se> | 2022-01-21 17:59:19 +0100 |
| commit | 268dfa38c09c78b0bdab2cb1e3590b1ffa3ad86e (patch) | |
| tree | 4b547f5bb0b192380a8efcbbd59cb5633e272566 /CHANGES | |
| parent | 9f1af0be2e0f546ef10601df189988c069107963 (diff) | |
| download | prosody-268dfa38c09c78b0bdab2cb1e3590b1ffa3ad86e.tar.gz prosody-268dfa38c09c78b0bdab2cb1e3590b1ffa3ad86e.zip | |
mod_s2s: Enable outgoing Direct TLS connections
Makes it faster by cutting out the roundtrips involved in <starttls/>,
at the cost of making an additional SRV lookup.
Since we already ignore a missing <starttls/> offer and try anyway there
is not much difference in security. The fact that XMPP is used and the
hostnames involved might still be visible until the future Encrypted
ClientHello extension allows hiding those too.
Diffstat (limited to 'CHANGES')
| -rw-r--r-- | CHANGES | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -27,7 +27,7 @@ TRUNK - SNI support (including automatic certificate selection) - ALPN support in mod_net_multiplex - DANE support in low-level network layer -- Direct TLS support (c2s and incoming s2s) +- Direct TLS support (c2s and s2s) - SCRAM-SHA-256 - Direct TLS (including https) certificates updated on reload - Pluggable authorization providers (mod_authz_) |