Prosody IM Website


file doc/modules/mod_tls.md in changeset cc72909c8205

View latest ↓ Download file

line wrap: on
line source

---
title: 'mod\_tls'
---

Enables SSL/TLS encryption on connected streams.

# Details

mod\_tls implements [TLS as described in XMPP
Core](http://xmpp.org/rfcs/rfc6120.html#tls). For information on
obtaining and configuring certificates, see our [documentation on
certificates](/doc/certificates).

# Usage

``` {.code .lua}
    modules_enabled = {
        -- Other modules
        "tls"; -- Enable mod_tls
    }
```

# Configuration

  Option                     Default   Notes
  -------------------------- --------- ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
  c2s\_require\_encryption   false     Whether to force all client-to-server connections to be encrypted or not
  s2s\_require\_encryption   false     Whether to force all server-to-server connections to be encrypted or not (you may also want to enforce certificate authentication - see [s2s security](/doc/s2s#security) for more info)

These options will cause Prosody to deny connections that are not
encrypted. Note that some servers do not support s2s encryption or have
it disabled, including gmail.com and Google Apps domains.

# Example

``` {.code .lua}
    modules_enabled = {
        -- Other modules
        "tls"; -- Enable mod_tls
    }
 
    c2s_require_encryption = true
    s2s_require_encryption = true
```