prosody-modules
886c985ece61
mod_warn_legacy_tls/README.md

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody-modules

Annotate

mod_warn_legacy_tls/README.md @ 6195:886c985ece61

mod_lastlog2: Skip initializing internal API (and storage) in prosodyctl Initializing storage in the global context under prosodyctl causes the module.command to fail to execute because the storage module has already been loaded. Introduced in 7b722955c59b
author Kim Alvefur <zash@zash.se>
date Sat, 08 Feb 2025 14:12:18 +0100
parent 6095:b048767a69b0
child 6250:c6afc572e316
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
6094
7adab72d5ebe mod_warn_legacy_tls: Update Examples and Introduction for current TLS versions.
Menel <menel@snikket.de>
parents: 6003
diff changeset
1 ---
7adab72d5ebe mod_warn_legacy_tls: Update Examples and Introduction for current TLS versions.
Menel <menel@snikket.de>
parents: 6003
diff changeset
2 labels:
7adab72d5ebe mod_warn_legacy_tls: Update Examples and Introduction for current TLS versions.
Menel <menel@snikket.de>
parents: 6003
diff changeset
3 - Stage-Alpha
7adab72d5ebe mod_warn_legacy_tls: Update Examples and Introduction for current TLS versions.
Menel <menel@snikket.de>
parents: 6003
diff changeset
4 summary: Warn users of obsolete TLS Versions in clients
7adab72d5ebe mod_warn_legacy_tls: Update Examples and Introduction for current TLS versions.
Menel <menel@snikket.de>
parents: 6003
diff changeset
5 ---
7adab72d5ebe mod_warn_legacy_tls: Update Examples and Introduction for current TLS versions.
Menel <menel@snikket.de>
parents: 6003
diff changeset
6
7adab72d5ebe mod_warn_legacy_tls: Update Examples and Introduction for current TLS versions.
Menel <menel@snikket.de>
parents: 6003
diff changeset
7
6095
b048767a69b0 mod_warn_legacy_tls: typo
Menel <menel@snikket.de>
parents: 6094
diff changeset
8 TLS 1.0 and TLS 1.1 are obsolete. This module warns clients if they are using those versions, to prepare for disabling them. (If you use the default prosody config, this module will be unnessesary in its default setting, since these protocols are not allowed anymore by any supported prosody version.)
6094
7adab72d5ebe mod_warn_legacy_tls: Update Examples and Introduction for current TLS versions.
Menel <menel@snikket.de>
parents: 6003
diff changeset
9
7adab72d5ebe mod_warn_legacy_tls: Update Examples and Introduction for current TLS versions.
Menel <menel@snikket.de>
parents: 6003
diff changeset
10 This module can be used to warn from TLS1.2 if you want to switch to modern security in the near future.
3728
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
11
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
12 # Configuration
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
13
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
14 ``` {.lua}
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
15 modules_enabled = {
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
16 -- other modules etc
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
17 "warn_legacy_tls";
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
18 }
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
19
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
20 -- This is the default, you can leave it out if you don't wish to
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
21 -- customise or translate the message sent.
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
22 -- '%s' will be replaced with the TLS version in use.
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
23 legacy_tls_warning = [[
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
24 Your connection is encrypted using the %s protocol, which has been demonstrated to be insecure and will be disabled soon. Please upgrade your client.
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
25 ]]
6094
7adab72d5ebe mod_warn_legacy_tls: Update Examples and Introduction for current TLS versions.
Menel <menel@snikket.de>
parents: 6003
diff changeset
26
7adab72d5ebe mod_warn_legacy_tls: Update Examples and Introduction for current TLS versions.
Menel <menel@snikket.de>
parents: 6003
diff changeset
27 --You may want to warn about TLS1.2 these days too (This note added 2024), by default prosody will not even allow connections from TLS <1.2
7adab72d5ebe mod_warn_legacy_tls: Update Examples and Introduction for current TLS versions.
Menel <menel@snikket.de>
parents: 6003
diff changeset
28 --Example:
7adab72d5ebe mod_warn_legacy_tls: Update Examples and Introduction for current TLS versions.
Menel <menel@snikket.de>
parents: 6003
diff changeset
29 legacy_tls_versions = { "TLSv1", "TLSv1.1", "TLSv1.2" }
3728
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
30 ```
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
31
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
32 ## Options
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
33
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
34 `legacy_tls_warning`
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
35 : A string. The text of the message sent to clients that use outdated
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
36 TLS versions. Default as in the above example.
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
37
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
38 `legacy_tls_versions`
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
39 : Set of TLS versions, defaults to
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
40 `{ "SSLv3", "TLSv1", "TLSv1.1" }`{.lua}, i.e. TLS \< 1.2.
6094
7adab72d5ebe mod_warn_legacy_tls: Update Examples and Introduction for current TLS versions.
Menel <menel@snikket.de>
parents: 6003
diff changeset
41
7adab72d5ebe mod_warn_legacy_tls: Update Examples and Introduction for current TLS versions.
Menel <menel@snikket.de>
parents: 6003
diff changeset
42 # Compatibility
7adab72d5ebe mod_warn_legacy_tls: Update Examples and Introduction for current TLS versions.
Menel <menel@snikket.de>
parents: 6003
diff changeset
43
7adab72d5ebe mod_warn_legacy_tls: Update Examples and Introduction for current TLS versions.
Menel <menel@snikket.de>
parents: 6003
diff changeset
44 Prosody-Version Status
7adab72d5ebe mod_warn_legacy_tls: Update Examples and Introduction for current TLS versions.
Menel <menel@snikket.de>
parents: 6003
diff changeset
45 --------------- ---------------------
7adab72d5ebe mod_warn_legacy_tls: Update Examples and Introduction for current TLS versions.
Menel <menel@snikket.de>
parents: 6003
diff changeset
46 trunk Works as of 24-12-16
7adab72d5ebe mod_warn_legacy_tls: Update Examples and Introduction for current TLS versions.
Menel <menel@snikket.de>
parents: 6003
diff changeset
47 0.12 Works