New options: dhfile and s2s_dhfile
authorHolger Weiss <holger@zedat.fu-berlin.de>
Tue, 26 May 2015 19:06:04 +0000 (21:06 +0200)
committerHolger Weiss <holger@zedat.fu-berlin.de>
Tue, 26 May 2015 19:06:04 +0000 (21:06 +0200)
Let admins specify a file that contains custom parameters for
Diffie-Hellman key exchange.

src/ejabberd_c2s.erl
src/ejabberd_http.erl
src/ejabberd_s2s_in.erl
src/ejabberd_s2s_out.erl

index 5112db7dedec2ead5c58d1af57e8b063870fd845..9c02899c79343d1a1e21e8ee509b9fd5095cf199 100644 (file)
@@ -292,6 +292,7 @@ init([{SockMod, Socket}, Opts]) ->
            StartTLSRequired orelse TLSEnabled,
     TLSOpts1 = lists:filter(fun ({certfile, _}) -> true;
                                ({ciphers, _}) -> true;
+                               ({dhfile, _}) -> true;
                                (_) -> false
                            end,
                            Opts),
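Review bot: The added `({dhfile, _}) -> true;` clause forwards whatever term the listener configuration supplies, whereas the s2s hunks in this commit pass their value through `iolist_to_binary/1` first; the identical clause in the ejabberd_http.erl hunk has the same gap. If listener options are not validated before they reach init (not visible here), a malformed or mistyped path would only surface inside the TLS layer at handshake time. Consider normalising the value the same way as the s2s code, or at least adding a comment above the filter such as `%% dhfile: path to custom DH parameters, handed to the TLS driver unchecked`. init starts and ends outside the hunk.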
index 4e7f4b554ebd7cc97fbb4694912315f783233420..4e3fe8e0eac136507bb0ade7b0df6916c34ca986 100644 (file)
@@ -95,6 +95,7 @@ init({SockMod, Socket}, Opts) ->
     TLSEnabled = proplists:get_bool(tls, Opts),
     TLSOpts1 = lists:filter(fun ({certfile, _}) -> true;
                                ({ciphers, _}) -> true;
+                               ({dhfile, _}) -> true;
                                (_) -> false
                            end,
                            Opts),
index 1b40f03c23085c156b17697764773fc1a629606a..c51314c362d689468b780529f21c38ab2175370c 100644 (file)
@@ -184,9 +184,14 @@ init([{SockMod, Socket}, Opts]) ->
                    undefined -> TLSOpts2;
                    ProtocolOpts -> [{protocol_options, ProtocolOpts} | TLSOpts2]
                end,
+    TLSOpts4 = case ejabberd_config:get_option(
+                      s2s_dhfile, fun iolist_to_binary/1) of
+                   undefined -> TLSOpts3;
+                   DHFile -> [{dhfile, DHFile} | TLSOpts3]
+               end,
     TLSOpts = case proplists:get_bool(tls_compression, Opts) of
-                  false -> [compression_none | TLSOpts3];
-                  true -> TLSOpts3
+                  false -> [compression_none | TLSOpts4];
+                  true -> TLSOpts4
               end,
     Timer = erlang:start_timer(?S2STIMEOUT, self(), []),
     {ok, wait_for_stream,
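Review bot: The validator `fun iolist_to_binary/1` in the added `TLSOpts4` case only coerces the type of `s2s_dhfile`, so a path that is missing, unreadable or holds undersized parameters is accepted and the outcome is left to the TLS driver. Whether the driver then fails the handshake or falls back to its built-in parameters is not visible here; a silent fallback would leave the admin believing the custom group is in use. A cheap guard in the `DHFile ->` branch, for example `filelib:is_regular(DHFile) orelse ?WARNING_MSG("s2s_dhfile ~s is not a regular file", [DHFile])`, would make that case visible in the log. The same five lines are repeated in the ejabberd_s2s_out.erl hunk, so a shared helper would keep the two in step. init starts and ends outside the hunk.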
index 6196f136f2d92b8fed7f9107295be2fafab9b743..44287632b1a18d0fd221e559c70bc2fd8c552456 100644 (file)
@@ -207,13 +207,18 @@ init([From, Server, Type]) ->
                    undefined -> TLSOpts2;
                    ProtocolOpts -> [{protocol_options, ProtocolOpts} | TLSOpts2]
                end,
+    TLSOpts4 = case ejabberd_config:get_option(
+                      s2s_dhfile, fun iolist_to_binary/1) of
+                   undefined -> TLSOpts3;
+                   DHFile -> [{dhfile, DHFile} | TLSOpts3]
+               end,
     TLSOpts = case ejabberd_config:get_option(
                      {s2s_tls_compression, From},
                      fun(true) -> true;
                         (false) -> false
                      end, true) of
-                  false -> [compression_none | TLSOpts3];
-                  true -> TLSOpts3
+                  false -> [compression_none | TLSOpts4];
+                  true -> TLSOpts4
               end,
     {New, Verify} = case Type of
                      {new, Key} -> {Key, false};
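Review bot: `s2s_dhfile` is looked up as a global key in the added `TLSOpts4` case, while the compression option immediately below it is read per host as `{s2s_tls_compression, From}`. If per-host DH parameters are deliberately not supported, a comment would stop the difference from being read as an oversight, e.g. `%% s2s_dhfile is global on purpose; it is not scoped to From`. Otherwise the key would presumably be `{s2s_dhfile, From}`, with the inbound side changed to match. init starts and ends outside the hunk.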