I worked to improve security in ejabberd restricting it to TLS1.2 with a new tls policy 2018-10-01, this is the issue to track it, and the blog article where I found the instructions.
my concern here is to demonstrate that the connection is well restricted to tls1.2
I used to test with testssl.sh but it works only with the port 5223 (only ssl)
With startTLS I can connect, see in the debug window of pidgin that I connected with TLS (that is required), the cipher used, but not much information
I saw that testssl.sh need to be adapted for starttls but it doesn’t work as expected
testssl.sh --starttls xmpp your-server:5222
testssl.sh --starttls xmpp --xmpphost your-domain your-server:5222
what is good now is that even with the stable rpm, I cannot test my tls connection…do you have a way ?