New SSL certificates

Because there are problems/bugs with ejabberd 13.x connecting to our transports we just replaced the certificate for our main virtual host jabber.hot-chilli.net. This host also does service our transports.

Until then we had used a certificate with the common name *.hot-chilli.net, now we have one with jabber.hot-chilli.net and *.jabber.hot-chilli.net common names which does not lead to the problem.

Some days ago we already replaced the *.hot-chilli.net due to the OpenSSL Heartbleed bug.

Hashed passwords for Prosody

We just changed the Prosody authentication provider module to hashed SCRAM-SHA-1 passwords.

You most probably will not notice anything. But if your client does not support SCRAM-SHA-1 the password will be sent in plain, not DIGEST-MD5 like until now. So be sure you only use a TLS/SSL connection to the server to protect the password (and also all your other XMPP data like chat messages) inside an encrypted data stream. Some clients might show a warning that DIGEST-MD5 is not longer available on the server.

The next time you log in the password will be automaticly hashed with SCRAM-SHA-1 mechanism.