[19:05:33]
<Curator> kas, to achieve what you wanted add the following into options...
options = { "no_sslv2", "no_sslv3", "no_tlsv1", "no_tlsv1_1" }
[19:05:44]
<Maranda> kas, that's what ultimately prosody does with tlsv1_2+
[19:06:03]
<Maranda> just had time to review that today
[19:06:04]
<kas> Thanks for the suggestion! I will try it immediately. :)
[19:08:10]
<Maranda> no problem yw
[19:09:33]
<kas> xmpp.net is testing my metronome instance now :)
[19:17:43]
<kas> It doesn't work as expected: It ends up allowing TLSv1+.
[19:20:40]
<Maranda> did you reload config and reload mod_tls, and mod_c2s / mod_s2s?
[19:27:47]
<Maranda> Because that's everything you need, else try adding also protocol = { "sslv23" }
[19:28:08]
<Maranda> (and do the same above)
[19:28:31]
<kas> But I don't want SSLv23 I only want TLS and only 1.2 and above.
[19:28:40]
<kas> But yes, I did reload.
[19:36:49]
<Maranda> kas, that's how prosody does it
[19:37:22]
<Maranda> allows all protocols with sslv23 then uses no_* to limit the choice disabling the other protocols
[19:38:37]
<kas> Hm…, I will have to check it again then. I already had some other tls options (like "no_ticket" and some other), perhaps I got the notation wrong (but metronome didn't complain).
[19:45:23]
<Maranda> kas, I'd not touch protocols, by default it should be sslv23, noticket without configuring it.
[19:47:43]
<kas> Thanks. Initially I just copied over the config details I have for protocol and options in Prosody, but I may have to adjust it. I have to wait for a while until I can test it again on xmpp.net.
[20:21:48]
<Maranda> Added it to the documentation repo just in case:
https://aria-net.org/Shared%20Documents/Metronome%20IM/Limit%20TLS%20protocols%20usage%20only%20to%20certain%20ones.docx?web=1
[21:06:00]
<kas> Thanks, that's great!