diff --git a/src/freedombone-app-xmpp b/src/freedombone-app-xmpp
index f3952b13..077be61a 100755
--- a/src/freedombone-app-xmpp
+++ b/src/freedombone-app-xmpp
@@ -51,6 +51,7 @@ prosody_nightly_url="https://prosody.im/nightly/${prosody_latest_version}/latest
 # From https://hg.prosody.im/prosody-modules
 prosody_modules_filename='prosody-modules-20180322.tar.gz'
 prosody_modules_hash='982d0dfcef98e9cb9cee4cc3801b8ce9a503a32e44c32b99df6fe94545b90072'
+xmpp_encryption_warning=$"For security reasons, OMEMO or PGP encryption is required for conversations on this server."
 xmpp_variables=(ONION_ONLY
 INSTALLED_WITHIN_DOCKER
@@ -818,11 +819,16 @@ function xmpp_create_config {
 else
 echo " dhparam = \"/etc/ssl/certs/xmpp.dhparam\";" >> /etc/prosody/prosody.cfg.lua
 fi
+
 { echo '}';
 echo '';
 echo 'c2s_require_encryption = true';
 echo 's2s_require_encryption = true';
 echo '';
+echo 'e2e_policy_muc = "none"';
+echo 'e2e_policy_chat = "required"';
+echo "e2e_policy_message_required_chat = \"$xmpp_encryption_warning\"";
+echo '';
 echo 's2s_secure_auth = false';
 echo '';
 echo 'authentication = "internal_hashed"';
@@ -838,6 +844,9 @@ function xmpp_create_config {
 echo ''; } >> /etc/prosody/prosody.cfg.lua
 if [[ "$ONION_ONLY" != 'no' ]]; then
 echo "VirtualHost \"${XMPP_ONION_HOSTNAME}\"" >> /etc/prosody/prosody.cfg.lua
+# TLS is not needed for onion transport security
+sed -i 's|s2s_require_encryption =.*|s2s_require_encryption = false|g' /etc/prosody/prosody.cfg.lua
+sed -i 's|c2s_require_encryption =.*|c2s_require_encryption = false|g' /etc/prosody/prosody.cfg.lua
 else
 echo "VirtualHost \"${DEFAULT_DOMAIN_NAME}\"" >> /etc/prosody/prosody.cfg.lua
 fi
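Review bot: The new `echo "e2e_policy_message_required_chat = \"$xmpp_encryption_warning\""` line in the second hunk embeds the message inside a Lua double-quoted literal without escaping, and because `xmpp_encryption_warning` is a `$"…"` translatable string (first hunk) its final text depends on the locale catalog; any `"` or `\` in a translation would produce a syntactically broken prosody.cfg.lua and the config write would silently emit invalid Lua. Escape `\` and `"` in the value with `${var//…}` substitutions before embedding it, or emit it as a Lua long-bracket string, `echo "e2e_policy_message_required_chat = [[$xmpp_encryption_warning]]";`, which only conflicts with a message containing `]]`. Separately, the three `e2e_policy_*` keys are options of mod_e2e_policy; unless `"e2e_policy"` is already listed in `modules_enabled` elsewhere in this function, they have no effect — worth a comment on the first of them such as `# options for mod_e2e_policy (must be in modules_enabled)`. Note also that `e2e_policy_muc = "none"` exempts group chats while the warning text says encryption is required for "conversations on this server"; either the text or a comment should make the MUC exemption explicit. xmpp_create_config starts before and continues after this hunk.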
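Review bot: The two `sed -i` lines in the third hunk rewrite, across the whole of /etc/prosody/prosody.cfg.lua, the `c2s_require_encryption`/`s2s_require_encryption` values that the same function emitted as `true` a few lines earlier (second hunk); a pattern of `key =.*` with `g` also matches any commented or per-VirtualHost variant of those keys that may exist in the file, so the result depends on the rest of the config rather than on this branch alone. It is simpler and less fragile to emit the intended value once, inside the existing `{ …; } >> /etc/prosody/prosody.cfg.lua` group, keyed on `$ONION_ONLY`, and drop the post-hoc regex edit. The comment `# TLS is not needed for onion transport security` is accurate for client sessions arriving through the onion service, but `s2s_require_encryption = false` also governs server-to-server sessions with any non-onion peer this host federates with, if there are any — the comment should state that scope, or the s2s requirement could be left at `true`. xmpp_create_config starts before and continues after this hunk.
```shell
    { echo '}';
      echo '';
      if [[ "$ONION_ONLY" != 'no' ]]; then
        # client sessions arrive over the onion service, so the TLS layer
        # is not required; this also relaxes s2s for any non-onion peers
        echo 'c2s_require_encryption = false';
        echo 's2s_require_encryption = false';
      else
        echo 'c2s_require_encryption = true';
        echo 's2s_require_encryption = true';
      fi
      # … unchanged: e2e_policy settings and the rest of the group …
    if [[ "$ONION_ONLY" != 'no' ]]; then
        echo "VirtualHost \"${XMPP_ONION_HOSTNAME}\"" >> /etc/prosody/prosody.cfg.lua
    else
```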