How can I get Prosody to use TLS 1.2?

I have set up Prosody on my Ubuntu 14.04 LTS server. I installed OpenSSL 1.01f, which is confirmed by running openssl version. TLSv1.2 is supported, as confirmed by running openssl ciphers -v 'TLSv1.2'.

I followed this guide to set up forward secrecy.

Despite all this, my Prosody server still seems to be stuck using TLSv1.0, which is confirmed by checking the XMPP Observatory and also by running the command openssl s_client -connect mydomain.com:5222 -starttls xmpp < /dev/null, which results in a TLS1.0 connection.

Adding protocol = "tlsv1_2"; to my configuration under the SSL options results in an "invalid protocol" error in the Prosody error log.

Here is a copy of my Prosody configuration:

    admins = {"me@mydomain.com"}

    modules_enabled = {
        -- Generally required
        "roster"; -- Allow users to have a roster. Recommended ;)
        "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
        "tls"; -- Add support for secure TLS on c2s/s2s connections
        "dialback"; -- s2s dialback support
        "disco"; -- Service discovery
        "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.

        -- Not essential, but recommended
        "private"; -- Private XML storage (for room bookmarks, etc.)
        "vcard"; -- Allow users to set vCards

        -- These are commented by default as they have a performance impact
        --"privacy"; -- Support privacy lists
        "compression"; -- Stream compression (requires the lua-zlib package installed)

        -- Nice to have
        "version"; -- Replies to server version requests
        "uptime"; -- Report how long server has been running
        "time"; -- Let others know the time here on this server
        "ping"; -- Replies to XMPP pings with pongs
        "pep"; -- Enables users to publish their mood, activity, playing music and more
        "register"; -- Allow users to register on this server using a client and change passwords

        -- Admin interfaces
        "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
        --"admin_telnet"; -- Opens telnet console interface on localhost port 5582

        -- HTTP modules
        --"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
        --"http_files"; -- Serve static files from a directory over HTTP

        -- Other specific functionality
        --"groups"; -- Shared roster support
        --"announce"; -- Send announcement to all online users
        --"welcome"; -- Welcome users who register accounts
        --"watchregistrations"; -- Alert admins of registrations
        --"motd"; -- Send a message to users when they log in
        --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
    };

    modules_disabled = {
        -- "offline"; -- Store offline messages
        -- "c2s"; -- Handle client connections
        -- "s2s"; -- Handle server-to-server connections
    };

    allow_registration = false;

    ssl = {
        key = "/etc/prosody/certs/localhost.key";
        certificate = "/etc/prosody/certs/localhost.crt";
    }

    c2s_require_encryption = true
    s2s_require_encryption = true
    s2s_secure_auth = true

    pidfile = "/var/run/prosody/prosody.pid"

    authentication = "internal_plain"

    log = {
        info = "/var/log/prosody/prosody.log"; -- Change 'info' to 'debug' for verbose logging
        error = "/var/log/prosody/prosody.err";
        "*syslog";
    }

    VirtualHost "mydomain.com"
        ssl = {
            key = "/etc/letsencrypt/archive/mydomain.com/privkey3.pem";
            certificate = "/etc/letsencrypt/archive/mydomain.com/fullchain3.pem";
            cafile = "/etc/ssl/certs/ca-certificates.crt";
            ciphers = "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4";
            dhparam = "/etc/pki/tls/dh-2048.pem";
        }

    Component "conference.mydomain.com" "muc"
    Component "proxy.mydomain.com" "proxy65"
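
The s_client check from the question, extended to offer exactly one protocol version per connection so that "the server prefers TLS 1.0" can be told apart from "the server cannot negotiate TLS 1.2". This is an added example, not part of the original post; the function names and the two sample session summaries are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which TLS versions an XMPP server negotiates over STARTTLS.

# Read `openssl s_client` output on stdin and print "<protocol> <cipher>" for a
# completed handshake, or "none" when no cipher was agreed. A failed handshake
# still prints a Protocol line, so the cipher field is what decides.
negotiated() {
    awk -F': *' '
        /^ *Protocol *:/ { proto = $2 }
        /^ *Cipher *:/   { cipher = $2 }
        END {
            if (proto == "" || cipher == "" || cipher == "0000" || cipher == "(NONE)")
                print "none"
            else
                print proto, cipher
        }'
}

# Offer a single protocol version per connection (-tls1, -tls1_1, -tls1_2).
# "none" for -tls1_2 means the server side cannot complete a TLS 1.2 handshake,
# regardless of what the local openssl binary supports.
probe() {
    host=$1
    port=${2:-5222}
    for flag in -tls1 -tls1_1 -tls1_2; do
        result=$(openssl s_client -connect "$host:$port" -starttls xmpp "$flag" \
                     </dev/null 2>/dev/null | negotiated)
        printf '%-8s %s\n' "$flag" "$result"
    done
}

# Constructed samples of the s_client session summary (not captured from a real server).
SAMPLE_TLS10='SSL-Session:
    Protocol  : TLSv1
    Cipher    : ECDHE-RSA-AES256-SHA'
SAMPLE_REFUSED='SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000'

# Usage: sh probe.sh mydomain.com [port]
if [ "$#" -gt 0 ]; then
    probe "$@"
fi
```
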