diff --git a/src/freedombone-app-xmpp b/src/freedombone-app-xmpp
index 067bb482a7868f6989fc2195b2216e506f5aae61..0dee340ee4817e77b975c3eccd134f296e480f45 100755
--- a/src/freedombone-app-xmpp
+++ b/src/freedombone-app-xmpp
@@ -87,6 +87,38 @@ xmpp_variables=(ONION_ONLY
DEFAULT_DOMAIN_NAME
XMPP_DOMAIN_CODE)
+function xmpp_setting_stricttls {
+ # switching strict TLS on or off, which requires authentication with a letsencrypt cert
+ strict_tls="$1"
+ strict_tls_update=
+
+ if [[ "$strict_tls" == '1' ]]; then
+ if ! grep -q 's2s_secure_auth = true' /etc/prosody/prosody.cfg.lua; then
+ sed -i 's|s2s_secure_auth = .*|s2s_secure_auth = true|g' /etc/prosody/prosody.cfg.lua
+ strict_tls_update=1
+ fi
+ if ! grep -q 's2s_require_encryption = true' /etc/prosody/prosody.cfg.lua; then
+ sed -i 's|s2s_require_encryption = .*|s2s_require_encryption = true|g' /etc/prosody/prosody.cfg.lua
+ strict_tls_update=1
+ fi
+ fi
+
+ if [[ "$strict_tls" == '0' ]]; then
+ if ! grep -q 's2s_secure_auth = false' /etc/prosody/prosody.cfg.lua; then
+ sed -i 's|s2s_secure_auth = .*|s2s_secure_auth = false|g' /etc/prosody/prosody.cfg.lua
+ strict_tls_update=1
+ fi
+ if ! grep -q 's2s_require_encryption = false' /etc/prosody/prosody.cfg.lua; then
+ sed -i 's|s2s_require_encryption = .*|s2s_require_encryption = false|g' /etc/prosody/prosody.cfg.lua
+ strict_tls_update=1
+ fi
+ fi
+
+ if [ $strict_tls_update ]; then
+ systemctl restart prosody
+ fi
+}
+
function prosody_update_onion_certs {
if [[ "$ONION_ONLY" == 'no' ]]; then
return
diff --git a/webadmin/EN/settings_xmpp.html b/webadmin/EN/settings_xmpp.html
new file mode 100644
index 0000000000000000000000000000000000000000..55363f7e1d801ce2d80c2f1d7311275d47853c90
--- /dev/null
+++ b/webadmin/EN/settings_xmpp.html
@@ -0,0 +1,117 @@
+<!DOCTYPE html>
+<html lang="en">
+ <meta charset="utf-8">
+ <style>
+ body {
+ margin: 0;
+ font-family: Arial;
+ background-color: white;
+ color: black;
+ }
+
+ * {
+ box-sizing: border-box;
+ }
+
+ a, u {
+ text-decoration: none;
+ color: #72a7cf;
+ font-weight: bold;
+ }
+
+ a:visited{
+ color: #72a7cf;
+ font-weight: bold;
+ }
+
+ #headerpic {
+ width: 60%;
+ height: auto;
+ margin-right : auto;
+ margin-left : auto;
+ min-width : 220px;
+ }
+
+ .header {
+ text-align: center;
+ padding: 32px;
+ }
+
+ .headertext {
+ color: #72a7cf;
+ text-align: center;
+ font-size: 120%;
+ font-weight: bold;
+ }
+ .settingtext {
+ text-align: center;
+ font-size: 100%;
+ }
+
+ .row {
+ display: -ms-flexbox;
+ display: flex;
+ -ms-flex-wrap: wrap;
+ flex-wrap: wrap;
+ padding: 0 4px;
+ }
+
+ .column {
+ -ms-flex: 25%;
+ flex: 15%;
+ max-width: 25%;
+ padding: 0 4px;
+ }
+
+ .column img {
+ margin-top: 8px;
+ vertical-align: middle;
+ }
+
+ .card {
+ box-shadow: 0 4px 8px 0 rgba(0, 0, 0, 0.2);
+ max-width: 600px;
+ margin: auto;
+ text-align: center;
+ font-family: arial;
+ clear: both;
+ }
+
+ .card input[type=text] {
+ width: 50%;
+ clear: both;
+ text-align: left;
+ color: black;
+ background-color: lightblue;
+ }
+ .card input[type=radio] {
+ width: 8%;
+ height: 15em;
+ font-size: 10%;
+ margin-top: 5em;
+ vertical-align: middle;
+ }
+
+ </style>
+ <body>
+
+ <div class="card">
+ <div class="header">
+ <a href="app_xmpp.html" title="Go Back"><img id="headerpic" class="img-responsive" src="images/logo.png" alt="Go Back"></a>
+
+ <p class="headertext" translate="yes">Enable strict TLS authentication between XMPP servers?</p>
+
+ <p class="headertext" translate="yes">If you or other people are having difficulty joining multi-user chat then enabling this might help</p>
+
+ <form action="settings_xmpp.php" method="post">
+ <input type="radio" name="allowstricttls" value="0" checked><label translate="yes">No</label>
+ <input type="radio" name="allowstricttls" value="1"><label translate="yes">Yes</label>
+ <br><br>
+ <input type="submit" name="submitallowstricttls" translate="yes" value="Update" />
+ </form>
+
+ </div>
+ </div>
+
+ </body>
+</html>
diff --git a/webadmin/settings_xmpp.php b/webadmin/settings_xmpp.php
new file mode 100755
index 0000000000000000000000000000000000000000..8330679367aabab0e9f1cfd606ab3a9b68d8a0e0
--- /dev/null
+++ b/webadmin/settings_xmpp.php
@@ -0,0 +1,45 @@
+<?php
+
+// _____ _ _
+// | __|___ ___ ___ _| |___ _____| |_ ___ ___ ___
+// | __| _| -_| -_| . | . | | . | . | | -_|
+// |__| |_| |___|___|___|___|_|_|_|___|___|_|_|___|
+//
+// Freedom in the Cloud
+//
+// xmpp settings menu
+//
+// License
+// =======
+//
+// Copyright (C) 2018-2019 Bob Mottram <bob@freedombone.net>
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+$output_filename = "app_xmpp.html";
+
+if (php_sapi_name()!=='fpm-fcgi') exit('php script must be run from the web interface');
+
+if (isset($_POST['submitallowstricttls'])) {
+ $confirm = htmlspecialchars($_POST['allowstricttls']);
+ $settings_file = fopen(".appsettings.txt", "w") or die("Unable to write to appsettings file");
+ fwrite($settings_file, "xmpp,stricttls,".$confirm);
+ fclose($settings_file);
+}
+
+$htmlfile = fopen("$output_filename", "r") or die("Unable to open $output_filename");
+echo fread($htmlfile,filesize("$output_filename"));
+fclose($htmlfile);
+
+?>