From 73d1bb12184cd5bc91c5996ecc574149d9637d73 Mon Sep 17 00:00:00 2001
From: Kim Alvefur <zash@zash.se>
Date: Sat, 25 Dec 2021 16:23:40 +0100
Subject: various: Require encryption by default for real

These options have been specified (and enabled) in the default config file for
a long time. However if unspecified in the config, they were not enabled. Now
they are.

This may result in a change of behaviour for people using very old config
files that lack the require_encryption options. But that's what we want.
---
 plugins/mod_tls.lua | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'plugins/mod_tls.lua')

diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua
index 9b80486a..afc1653a 100644
--- a/plugins/mod_tls.lua
+++ b/plugins/mod_tls.lua
@@ -10,8 +10,8 @@ local create_context = require "core.certmanager".create_context;
 local rawgetopt = require"core.configmanager".rawget;
 local st = require "util.stanza";
 
-local c2s_require_encryption = module:get_option("c2s_require_encryption", module:get_option("require_encryption"));
-local s2s_require_encryption = module:get_option("s2s_require_encryption");
+local c2s_require_encryption = module:get_option("c2s_require_encryption", module:get_option("require_encryption", true));
+local s2s_require_encryption = module:get_option("s2s_require_encryption", true);
 local allow_s2s_tls = module:get_option("s2s_allow_encryption") ~= false;
 local s2s_secure_auth = module:get_option("s2s_secure_auth");
 
-- 
cgit v1.2.3