Hi Prosody,
I'm curious if there's support for TOFU (Trust On First Use) with server-to-server connections. This could allow for self-signed SSL certificates to be used. If the fingerprint changes, the server would throw an error. SSL fingerprints would have to be cached.
Does this seem feasible, or is there already a feature like this?
Thank you!
Good idea that could be done as a community module. https://modules.prosody.im/mod_s2s_auth_fingerprint.html is likely the closest existing module; a similar module doing TOFU could be based on it.
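The behaviour asked about in the question (cache a certificate fingerprint on first contact, raise an error if it later changes), as an added Python example. It is not Prosody or mod_s2s_auth_fingerprint code; `TofuStore`, `PinMismatch`, the JSON cache file and the choice of SHA-256 over the DER certificate are assumptions made for illustration.

```python
import hashlib, hmac, json, os, tempfile

class PinMismatch(Exception):
    """The peer presented a certificate that differs from the pinned one."""

def fingerprint(der_cert: bytes) -> str:
    # SHA-256 over the DER-encoded certificate, hex-encoded.
    return hashlib.sha256(der_cert).hexdigest()

class TofuStore:
    """Hypothetical on-disk cache mapping remote domain -> pinned fingerprint."""
    def __init__(self, path):
        self.path, self.pins = path, {}
        if os.path.exists(path):
            with open(path) as f:
                self.pins = json.load(f)

    def _save(self):
        # Write to a temp file and rename, so a crash cannot truncate the pin cache.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(self.path)))
        with os.fdopen(fd, "w") as f:
            json.dump(self.pins, f)
        os.replace(tmp, self.path)

    def check(self, domain, der_cert):
        domain = domain.lower().rstrip(".")   # one pin per normalized domain
        seen = fingerprint(der_cert)
        pinned = self.pins.get(domain)
        if pinned is None:                    # first use: trust and remember
            self.pins[domain] = seen
            self._save()
            return "pinned"
        if hmac.compare_digest(pinned, seen):
            return "match"
        # Changed fingerprint: refuse, and keep the old pin until an operator clears it.
        raise PinMismatch(f"{domain}: pinned {pinned[:16]}..., got {seen[:16]}...")

def demo():
    # Constructed stand-ins for DER certificate bytes, not real certificates.
    cert_a, cert_b = b"constructed-cert-A", b"constructed-cert-B"
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "pins.json")
        out = [TofuStore(path).check("Remote.Example.", cert_a)]
        out.append(TofuStore(path).check("remote.example", cert_a))  # survives restart
        try:
            TofuStore(path).check("remote.example", cert_b)
        except PinMismatch:
            out.append("rejected")
        return out
```

The first connection is accepted unverified, so the pin only detects a certificate change after that point; a legitimate certificate rotation on the remote side also raises `PinMismatch` until the stored pin is cleared.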