Direct TLS
In the latest version of Metronome it’s possible to use Direct TLS (XEP-0368) for both c2s and s2s but to do so it’s necessary to setup ports as by default Direct TLS will be disabled.
Host “*”
interfaces = { “127.0.0.1”, “::1” }
ssl = { key = “/etc/metronome/certs/localhost.key”, certificate = “/etc/metronome/certs/localhost.cert” }
c2s_secure_ports = { 5223 }
s2s_secure_ports = { 5270 }
The above will enable Direct TLS on port 5223 for c2s and 5270 for s2s.