Merge pull request #3989 from esl/add-tlsv1.3

Adding tlsv1.3
esl · Mar 17, 2023 · 7cb0a1f · 7cb0a1f
2 parents 2858d70 + ecef698
commit 7cb0a1f
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 8 deletions.
diff --git a/big_tests/test.config b/big_tests/test.config
@@ -294,7 +294,7 @@
   connection.username = \"ejabberd\"
   connection.password = \"mongooseim_secret\"
   connection.tls.cacertfile = \"priv/ssl/cacert.pem\"
-  connection.tls.versions = [\"tlsv1.2\"]"},
+  connection.tls.versions = [\"tlsv1.2\", \"tlsv1.3\"]"},
       {service_domain_db, ""},
       {mod_vcard, "  backend = \"rdbms\"
   host = \"vjud.@HOST@\"\n"},
@@ -311,15 +311,15 @@
   connection.port = 3636
   connection.root_dn = \"cn=admin,dc=esl,dc=com\"
   connection.password = \"mongooseim_secret\"
-  connection.tls.versions = [\"tlsv1.2\"]
+  connection.tls.versions = [\"tlsv1.2\", \"tlsv1.3\"]
   connection.tls.cacertfile = \"priv/ssl/cacert.pem\"
   connection.tls.certfile = \"priv/ssl/fake_cert.pem\"
   connection.tls.keyfile = \"priv/ssl/fake_key.pem\"
 [outgoing_pools.ldap.bind]
   scope = \"global\"
   workers = 5
   connection.port = 3636
-  connection.tls.versions = [\"tlsv1.2\"]
+  connection.tls.versions = [\"tlsv1.2\", \"tlsv1.3\"]
   connection.tls.cacertfile = \"priv/ssl/cacert.pem\"
   connection.tls.certfile = \"priv/ssl/fake_cert.pem\"
   connection.tls.keyfile = \"priv/ssl/fake_key.pem\""},

diff --git a/doc/configuration/TLS-hardening.md b/doc/configuration/TLS-hardening.md
@@ -39,12 +39,11 @@ It may be found in `etc/` folder inside MongooseIM release and in `[repository r
 In order to change the list, please find the following lines:
 
 ```
-{protocol_version, ['tlsv1.2'
-                 %, 'tlsv1.3'
+{protocol_version, ['tlsv1.2',
+                    'tlsv1.3'
           ]}
 ```
 
-By default only TLS 1.2 is enabled. To enable TLS 1.3, remove leading `%` before `'tlsv1.3'`.
 The remaining valid values are: `'tlsv1.1'`, `tlsv1`, `sslv3`.
 
 This setting affects the following MongooseIM components:

diff --git a/rel/files/app.config b/rel/files/app.config
@@ -91,8 +91,8 @@
  {{mongooseim_mdb_dir_toggle}}{mnesia, [{dir, "{{mongooseim_mdb_dir}}"}]},
  {ssl, [
         {session_lifetime, 600}, % 10 minutes
-        {protocol_version, ['tlsv1.2'
-                            %, 'tlsv1.3'
+        {protocol_version, ['tlsv1.2',
+                            'tlsv1.3'
                            ]}
        ]},
  {nkservice, [