From 8ee33e543a323a86867e28a68be8c2c542f261c3 Mon Sep 17 00:00:00 2001
From: Kim Alvefur
Date: Fri, 27 Jan 2017 12:21:09 +0100
Subject: mod_tls: Check that connection has starttls method first to prevent offering starttls over tls (thanks Remko and Tobias)
---
 plugins/mod_tls.lua | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua
index c5903b61..2b265032 100644
--- a/plugins/mod_tls.lua
+++ b/plugins/mod_tls.lua
@@ -62,10 +62,10 @@ do
 end
 
 local function can_do_tls(session)
- if session.ssl_ctx ~= nil then
- return session.ssl_ctx;
- elseif not session.conn.starttls then
+ if not session.conn.starttls then
 return false;
+ elseif session.ssl_ctx ~= nil then
+ return session.ssl_ctx;
 end
 if session.type == "c2s_unauthed" then
 session.ssl_ctx = ssl_ctx_c2s;
-- cgit v1.2.3
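Review bot: The reordered guard at the top of can_do_tls carries no comment saying why `session.conn.starttls` has to be tested before the cached `session.ssl_ctx`, so a later cleanup could swap the branches back and offer STARTTLS on an already-encrypted stream again. I would add above the first branch `-- Check the connection first: a cached ssl_ctx only says a context was chosen, not that this connection can still be upgraded`. The new order also dereferences `session.conn` on every call, including for sessions that already have a cached context; whether `conn` can be nil at that point is not visible in this hunk, so it is worth confirming against the callers. The body of can_do_tls continues past the end of the hunk.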