July 5, 2015, 2:12 p.m. by mati

Tomorrow morning we will upgrade our server to ejabberd 15.06 (release notes). This will require a short restart. We will use the opportunity to add some configuration improvements:
  • Improved cipher suite to only include ciphers featuring forward secrecy.
  • Improved Diffie-Hellman key exchange parameters, bringing increased transport security to anyone using Diffie-Hellman (DH) based ciphers.
  • Use mod_fail2ban to ban IP-addresses with too many authentication failures. If an IP-Address has five authentication failures, it will be banned for an hour.
  • Websocket connections will have an increased inactivity timeout of one hour. We previously used the default of five minutes.
  • HTTP Bind connections now have an inactivity timeout of five minutes. We previously had a timeout of one minute.
  • Support for Extended Stanza Addressing (XEP-0033) via mod_multicast, which is included in ejabberd since version 15.04.