From 73bdc574b584e9c36823c63e9e89e2e090a71c59 Mon Sep 17 00:00:00 2001 From: Jesper Hess Nielsen Date: Fri, 30 Dec 2016 10:57:47 +0100 Subject: [PATCH] Add blog post about S2S TLS requirement --- _posts/2016-12-30-tls-s2s-now-required.md | 27 +++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 _posts/2016-12-30-tls-s2s-now-required.md diff --git a/_posts/2016-12-30-tls-s2s-now-required.md b/_posts/2016-12-30-tls-s2s-now-required.md new file mode 100644 index 0000000..2661195 --- /dev/null +++ b/_posts/2016-12-30-tls-s2s-now-required.md @@ -0,0 +1,27 @@ +--- +title: TLS is now required for S2S connections +layout: post +--- + +Coming to the end of 2016 I've been really happy with how much traffic this service is receiving. As I don't log anything, I haven't really +got a way to see exactly how much you guys have been chatting through xmpp.dk. But I can see from the traffic stats that the server is at least +generating a fair amount of traffic so that's awesome! + +Since we are at the end of 2016 and there is an ever-growing push for more and more privcay, I have decided that now is the time to take the next step. +Up until now, the server has been configured to _prefer_ but not _require_ TLS when connecting to other XMPP servers. That means that even though OTR is +required and your messages aren't being transmitted in cleartext, the XMPP messages themselves might have been. +But from today, the server's configuration has been changed so that TLS is now a _full requirement_ when another XMPP server wants to connect to us. + +This decision does come with some problems, however. There are _lots_ of XMPP servers out there that do not support TLS. Unfortunately, this means that you +as a user will no longer be able to talk to people who use these servers. + +If you're having trouble reaching some of your contacts now, you should either get your friends to persuade their providers to start using TLS for everyone's +increased privacy, or talk your friends into switching to a provider that already does. There are lots of free Jabber servers out there that do support +encrypted communications, so take a look at [xmpp.net][xmppnet] and look for servers that have at least an "A" grade in both C2S (client-to-server) and S2S (server-to-server). + +Happy new year everyone! + +/Graffen + + +[xmppnet]: https://xmpp.net/directory.php \ No newline at end of file