author | Kim Alvefur <zash@zash.se> | 2021-09-01 19:05:24 +0200 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2021-09-01 19:05:24 +0200 |
commit | e3c0a877bf2eaf1f5c3f150ad66de0af331e885b (patch) | |
tree | 68273c27003ba5316c18111eee3fe5aef1952b2b | |
parent | c6adacaaad810d70671d14316f652b772ccdfbcf (diff) | |
mod_tls: Attempt STARTTLS on outgoing unencrypted legacy s2s connections
As suggested by RFC 7590
-rw-r--r-- | plugins/mod_tls.lua | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua
index 9cd2a672..a97f7027 100644
--- a/plugins/mod_tls.lua
+++ b/plugins/mod_tls.lua
@@ -165,6 +165,14 @@ module:hook_tag("http://etherx.jabber.org/streams", "features", function (sessio
 end
 end, 500);
 
+module:hook("s2sout-authenticate-legacy", function(event)
+ local session = event.origin;
+ if s2s_require_encryption and can_do_tls(session) then
+ session.sends2s(starttls_initiate);
+ return true;
+ end
+end, 200);
+
 module:hook_tag(xmlns_starttls, "proceed", function (session, stanza) -- luacheck: ignore 212/stanza
 if session.type == "s2sout_unauthed" and can_do_tls(session) then
 module:log("debug", "Proceeding with TLS on s2sout..."); |
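Review bot: When `s2s_require_encryption` is set but `can_do_tls(session)` is false, the new `s2sout-authenticate-legacy` handler returns nothing, so the event falls through to lower-priority handlers. Whether those refuse to authenticate the still-unencrypted connection cannot be seen from this hunk, so that path is worth confirming or rejecting explicitly here. The attempt is also gated on `s2s_require_encryption`, which is narrower than the commit title suggests: with encryption optional, a legacy peer is never offered STARTTLS. If that is intended, I would say so above the hook, e.g. `-- Legacy peer advertised no stream features: try STARTTLS blindly (RFC 7590), but only when encryption is mandatory`. A debug line before `session.sends2s(starttls_initiate);`, in the style of the neighbouring "Proceeding with TLS on s2sout..." message, would make these blind attempts visible in logs when a peer answers with a failure.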