mod_tls: Attempt STARTTLS on outgoing unencrypted legacy s2s connections

As suggested by RFC 7590
author: Kim Alvefur <zash@zash.se> 2021-09-01 19:05:24 +0200
committer: Kim Alvefur <zash@zash.se> 2021-09-01 19:05:24 +0200
commit: e3c0a877bf2eaf1f5c3f150ad66de0af331e885b (patch)
tree: 68273c27003ba5316c18111eee3fe5aef1952b2b /plugins/mod_tls.lua
parent: c6adacaaad810d70671d14316f652b772ccdfbcf (diff)
download: prosody-e3c0a877bf2eaf1f5c3f150ad66de0af331e885b.tar.gz
prosody-e3c0a877bf2eaf1f5c3f150ad66de0af331e885b.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua
index 9cd2a672..a97f7027 100644
--- a/plugins/mod_tls.lua
+++ b/plugins/mod_tls.lua
@@ -165,6 +165,14 @@ module:hook_tag("http://etherx.jabber.org/streams", "features", function (sessio
 	end
 end, 500);
 
+module:hook("s2sout-authenticate-legacy", function(event)
+	local session = event.origin;
+	if s2s_require_encryption and can_do_tls(session) then
+		session.sends2s(starttls_initiate);
+		return true;
+	end
+end, 200);
+
 module:hook_tag(xmlns_starttls, "proceed", function (session, stanza) -- luacheck: ignore 212/stanza
 	if session.type == "s2sout_unauthed" and can_do_tls(session) then
 		module:log("debug", "Proceeding with TLS on s2sout...");
author	Kim Alvefur <zash@zash.se>	2021-09-01 19:05:24 +0200
committer	Kim Alvefur <zash@zash.se>	2021-09-01 19:05:24 +0200
commit	e3c0a877bf2eaf1f5c3f150ad66de0af331e885b (patch)
tree	68273c27003ba5316c18111eee3fe5aef1952b2b /plugins/mod_tls.lua
parent	c6adacaaad810d70671d14316f652b772ccdfbcf (diff)
download	prosody-e3c0a877bf2eaf1f5c3f150ad66de0af331e885b.tar.gz prosody-e3c0a877bf2eaf1f5c3f150ad66de0af331e885b.zip