wojciech.kapcia@tigase.net opened 5 years ago
|
|
@wojtek Is hardened mode enabled? If so, then it may "require" that on the instance level and it would make impossible to disable that requirement on VHost level as instance settings are "more important" than vhost settings. |
|
It doesn't seem like that: setting HardenedMode to
It seems that the only way to disable it is to use this configuration:
|
|
You are right, I suppose that we decided in 8.0.0/8.1.0 to use only TLS encrypted connections by default so that works OK. |
|
There was such discussion, but still there is an option in VHost which allows disabling it so it should be respected… or we should remove that option from VHost configuration. Though it seems better to have it configurable on per VHost basis instead of leaving only global option to completely disable TLS. |
|
Global option will NOT disable TLS but will allow you to disable TLS on per vhost basis. |
|
This seems quite counter-intuitive... it the global option merely serves as "permission to disable it on per-vhost basis" then it should be named accordingly, though this should be handled by adequate HardenedMode level (only allow on relaxed for example). |
|
I will not discuss whether the naming of property I've modified VHostItem support for ad-hoc to make it impossible to change TLS required state on vhost level if the requirement mentioned above is enabled. At the same time, I've added a note (as a replacement for Note: |
|
Very good solution! |
Type |
Bug
|
Priority |
Normal
|
Assignee | |
Version |
tigase-server-8.1.0, tigase-server-8.0.1
|
Spent time |
2h
|
-
Customers/catapush-s-r-l#3 You are not authorized to access this issue
Steps to reproduce:
TLS required
option in VHost optionsAfterwards it's still announced: