aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2021-09-01 19:05:24 +0200
committerKim Alvefur <zash@zash.se>2021-09-01 19:05:24 +0200
commite3c0a877bf2eaf1f5c3f150ad66de0af331e885b (patch)
tree68273c27003ba5316c18111eee3fe5aef1952b2b
parentc6adacaaad810d70671d14316f652b772ccdfbcf (diff)
downloadprosody-e3c0a877bf2eaf1f5c3f150ad66de0af331e885b.tar.gz
prosody-e3c0a877bf2eaf1f5c3f150ad66de0af331e885b.zip
mod_tls: Attempt STARTTLS on outgoing unencrypted legacy s2s connections
As suggested by RFC 7590
-rw-r--r--plugins/mod_tls.lua8
1 files changed, 8 insertions, 0 deletions
diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua
index 9cd2a672..a97f7027 100644
--- a/plugins/mod_tls.lua
+++ b/plugins/mod_tls.lua
@@ -165,6 +165,14 @@ module:hook_tag("http://etherx.jabber.org/streams", "features", function (sessio
end
end, 500);
+module:hook("s2sout-authenticate-legacy", function(event)
+ local session = event.origin;
+ if s2s_require_encryption and can_do_tls(session) then
+ session.sends2s(starttls_initiate);
+ return true;
+ end
+end, 200);
+
module:hook_tag(xmlns_starttls, "proceed", function (session, stanza) -- luacheck: ignore 212/stanza
if session.type == "s2sout_unauthed" and can_do_tls(session) then
module:log("debug", "Proceeding with TLS on s2sout...");