aboutsummaryrefslogtreecommitdiffstats
path: root/plugins/mod_saslauth.lua
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2021-12-25 16:23:40 +0100
committerKim Alvefur <zash@zash.se>2021-12-25 16:23:40 +0100
commit73d1bb12184cd5bc91c5996ecc574149d9637d73 (patch)
tree81534ac655eabbfb6d3ede66ed7a31762da7d2fd /plugins/mod_saslauth.lua
parenta02e872f8651ea4729697bd7ccc88f7f952c3f04 (diff)
downloadprosody-73d1bb12184cd5bc91c5996ecc574149d9637d73.tar.gz
prosody-73d1bb12184cd5bc91c5996ecc574149d9637d73.zip
various: Require encryption by default for real
These options have been specified (and enabled) in the default config file for a long time. However if unspecified in the config, they were not enabled. Now they are. This may result in a change of behaviour for people using very old config files that lack the require_encryption options. But that's what we want.
Diffstat (limited to 'plugins/mod_saslauth.lua')
-rw-r--r--plugins/mod_saslauth.lua2
1 files changed, 1 insertions, 1 deletions
diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua
index 212b977a..30d7acfa 100644
--- a/plugins/mod_saslauth.lua
+++ b/plugins/mod_saslauth.lua
@@ -17,7 +17,7 @@ local errors = require "util.error";
local usermanager_get_sasl_handler = require "core.usermanager".get_sasl_handler;
-local secure_auth_only = module:get_option_boolean("c2s_require_encryption", module:get_option_boolean("require_encryption", false));
+local secure_auth_only = module:get_option_boolean("c2s_require_encryption", module:get_option_boolean("require_encryption", true));
local allow_unencrypted_plain_auth = module:get_option_boolean("allow_unencrypted_plain_auth", false)
local insecure_mechanisms = module:get_option_set("insecure_sasl_mechanisms", allow_unencrypted_plain_auth and {} or {"PLAIN", "LOGIN"});
local disabled_mechanisms = module:get_option_set("disable_sasl_mechanisms", { "DIGEST-MD5" });