#1854 Trust On First Use (TOFU) for s2s SSL?

Reporter Henrich Hartzer
Owner Nobody
Stars ★ (1)
  • Component-Community
  • Status-New
  • Priority-Medium
  • Type-Enhancement
  1. Henrich Hartzer on

    Hi Prosody, I'm curious if there's support for TOFU (Trust On First Use) with server to server connections. This could allow for self-signed SSL certificates to be used. If the fingerprint changes, the server would throw an error. SSL fingerprints would have to be cached. Does this seem feasible, or is there already a feature like this? Thank you!

  2. Zash on

    Good idea that could be done as a community module. https://modules.prosody.im/mod_s2s_auth_fingerprint.html is likely the closest existing module; a similar module doing TOFU could be based on it.

    • tags Component-Community
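
The pin-on-first-use logic discussed in this thread, as an added standalone sketch. It is not Prosody code and is not taken from mod_s2s_auth_fingerprint. `TofuStore`, `FingerprintMismatch`, the JSON cache file and the sample hosts and certificate bytes are all hypothetical or constructed, and host names are assumed to be ASCII.

```python
import hashlib
import json
import os
import tempfile

class FingerprintMismatch(Exception):
    """A known host presented a certificate that differs from its pin."""

class TofuStore:
    """Hypothetical pin cache: one SHA-256 certificate fingerprint per host."""
    def __init__(self, path):
        self.path = path
        self.pins = {}
        if os.path.exists(path):
            with open(path, encoding="utf-8") as f:
                self.pins = json.load(f)

    def _save(self):
        # Write-then-rename: a crash must not leave a truncated (empty) cache.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(self.path)))
        with os.fdopen(fd, "w", encoding="utf-8") as f:
            json.dump(self.pins, f, sort_keys=True)
        os.replace(tmp, self.path)

    def check(self, host, cert_der):
        host = host.lower()  # assumption: ASCII names, compared case-insensitively
        seen = hashlib.sha256(cert_der).hexdigest()
        pinned = self.pins.get(host)
        if pinned is None:  # first use: trust the certificate and remember it
            self.pins[host] = seen
            self._save()
            return "pinned"
        if pinned == seen:
            return "match"
        # Changed fingerprint: fail closed and keep the old pin.
        raise FingerprintMismatch(f"{host}: pinned {pinned}, presented {seen}")

def demo():
    # Constructed byte strings stand in for DER-encoded peer certificates.
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "pins.json")
        results = [TofuStore(path).check("remote.example", b"constructed-cert-A")]
        store = TofuStore(path)  # reload from disk, as after a restart
        results.append(store.check("Remote.Example", b"constructed-cert-A"))
        try:
            store.check("remote.example", b"constructed-cert-B")
        except FingerprintMismatch:
            results.append("rejected")
        return results
```

A mismatch leaves the stored pin untouched, so replacing a remote server's certificate requires an operator to remove or update the entry out of band.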
