diff options
| author | Kim Alvefur <zash@zash.se> | 2021-09-01 19:05:24 +0200 |
|---|---|---|
| committer | Kim Alvefur <zash@zash.se> | 2021-09-01 19:05:24 +0200 |
| commit | e3c0a877bf2eaf1f5c3f150ad66de0af331e885b (patch) | |
| tree | 68273c27003ba5316c18111eee3fe5aef1952b2b /plugins | |
| parent | c6adacaaad810d70671d14316f652b772ccdfbcf (diff) | |
| download | prosody-e3c0a877bf2eaf1f5c3f150ad66de0af331e885b.tar.gz prosody-e3c0a877bf2eaf1f5c3f150ad66de0af331e885b.zip | |
mod_tls: Attempt STARTTLS on outgoing unencrypted legacy s2s connections
As suggested by RFC 7590
Diffstat (limited to 'plugins')
| -rw-r--r-- | plugins/mod_tls.lua | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua index 9cd2a672..a97f7027 100644 --- a/plugins/mod_tls.lua +++ b/plugins/mod_tls.lua @@ -165,6 +165,14 @@ module:hook_tag("http://etherx.jabber.org/streams", "features", function (sessio end end, 500); +module:hook("s2sout-authenticate-legacy", function(event) + local session = event.origin; + if s2s_require_encryption and can_do_tls(session) then + session.sends2s(starttls_initiate); + return true; + end +end, 200); + module:hook_tag(xmlns_starttls, "proceed", function (session, stanza) -- luacheck: ignore 212/stanza if session.type == "s2sout_unauthed" and can_do_tls(session) then module:log("debug", "Proceeding with TLS on s2sout..."); |