37 # SSL options:

    37 # SSL/TLS options:

    38 # Set ssl non-zero to use SSL (this also sets the default port to 5223).

    38 # TLS is now regarded as the default encryption for connecting to jabber.

    39 # * Please note that certificate verification is NOT yet supported if

    39 # You can require TLS by setting tls to 1. If your jabber server

    40 #   mcabber is compiled with GnuTLS (only works with OpenSSL).

    40 # still doesn't support TLS, you can use the old-style SSL by setting

    41 #   You can use mcabber -V to check.

    41 # ssl to 1. It's not possible to use old-style SSL and TLS together.

    42 # Set ssl_verify to 0 to disable certificate verification, or non-zero

    43 # to set desired maximum CA verification depth. Use -1 to specify an

    44 # unlimited depth.

    45 # NOTE: You probably need to set ssl_capath for SSL cert verification to work!

    46 # Set ssl_cafile to a path to a CA certificate file (may contain multiple

    47 # CA certificates).

    48 # Set ssl_capath to a directory containing CA certificates (use c_rehash

    49 # to generate hash links).

    50 # Set ssl_ciphers to a list of desired SSL ciphers (run "openssl ciphers"

    51 # for candidate values).

    53 #set ssl_verify = -1

    43 set tls = 1

    54 #set ssl_cafile = /usr/share/ssl/certs/ca-bundle.crt

    44 # Moreover, it's possible to check whether the fingerprint of the

    55 #set ssl_capath =

    45 # ssl certificate matches ssl_fingerprint.

    56 #set ssl_ciphers =

    46 # You can get the fingerprint of your server either with gnutls or openssl:

    47 # 1. gnutls-cli -p 5223 $your_server

    48 # 2. openssl s_client -connect $your_server:5223 | \

    49 #    openssl x509 -fingerprint -md5 -noout

    50 set ssl_fingerprint = 97:5C:00:3F:1D:77:45:25:E2:C5:70:EC:83:C8:87:EE

    51 # Set ssl_ignore_checks to 1 to disable all certificate checks except the

    52 # fingerprint check.

    53 #set ssl_ignore_checks = 0