Software `/` code `/` prosody-modules

Annotate

mod_warn_legacy_tls/README.markdown @ 5390:f2363e6d9a64

mod_http_oauth2: Advertise the currently supported id_token signing algorithm This field is REQUIRED. The algorithm RS256 MUST be included, but isn't because we don't implement it, as that would require implementing a pile of additional cryptography and JWT stuff. Instead the id_token is signed using the client secret, which allows verification by the client, since it's a shared secret per OpenID Connect Core 1.0 § 10.1 under Symmetric Signatures. OpenID Connect Discovery 1.0 has a lot of REQUIRED and MUST clauses that are not supported here, but that's okay because this is served from the RFC 8414 OAuth 2.0 Authorization Server Metadata .well-known endpoint!

author	Kim Alvefur <zash@zash.se>
date	Sun, 30 Apr 2023 16:13:40 +0200
parent	3728:5073bbd86970

rev	line source
3728 5073bbd86970 mod_warn_legacy_tls: Add a README Kim Alvefur <zash@zash.se> parents: diff changeset	1 TLS 1.0 and TLS 1.1 are about to be obsolete. This module warns clients
5073bbd86970 mod_warn_legacy_tls: Add a README Kim Alvefur <zash@zash.se> parents: diff changeset	2 if they are using those versions, to prepare for disabling them.
5073bbd86970 mod_warn_legacy_tls: Add a README Kim Alvefur <zash@zash.se> parents: diff changeset	3
5073bbd86970 mod_warn_legacy_tls: Add a README Kim Alvefur <zash@zash.se> parents: diff changeset	4 # Configuration
5073bbd86970 mod_warn_legacy_tls: Add a README Kim Alvefur <zash@zash.se> parents: diff changeset	5
5073bbd86970 mod_warn_legacy_tls: Add a README Kim Alvefur <zash@zash.se> parents: diff changeset	6 ``` {.lua}
5073bbd86970 mod_warn_legacy_tls: Add a README Kim Alvefur <zash@zash.se> parents: diff changeset	7 modules_enabled = {
5073bbd86970 mod_warn_legacy_tls: Add a README Kim Alvefur <zash@zash.se> parents: diff changeset	8 -- other modules etc
5073bbd86970 mod_warn_legacy_tls: Add a README Kim Alvefur <zash@zash.se> parents: diff changeset	9 "warn_legacy_tls";
5073bbd86970 mod_warn_legacy_tls: Add a README Kim Alvefur <zash@zash.se> parents: diff changeset	10 }
5073bbd86970 mod_warn_legacy_tls: Add a README Kim Alvefur <zash@zash.se> parents: diff changeset	11
5073bbd86970 mod_warn_legacy_tls: Add a README Kim Alvefur <zash@zash.se> parents: diff changeset	12 -- This is the default, you can leave it out if you don't wish to
5073bbd86970 mod_warn_legacy_tls: Add a README Kim Alvefur <zash@zash.se> parents: diff changeset	13 -- customise or translate the message sent.
5073bbd86970 mod_warn_legacy_tls: Add a README Kim Alvefur <zash@zash.se> parents: diff changeset	14 -- '%s' will be replaced with the TLS version in use.
5073bbd86970 mod_warn_legacy_tls: Add a README Kim Alvefur <zash@zash.se> parents: diff changeset	15 legacy_tls_warning = [[
5073bbd86970 mod_warn_legacy_tls: Add a README Kim Alvefur <zash@zash.se> parents: diff changeset	16 Your connection is encrypted using the %s protocol, which has been demonstrated to be insecure and will be disabled soon. Please upgrade your client.
5073bbd86970 mod_warn_legacy_tls: Add a README Kim Alvefur <zash@zash.se> parents: diff changeset	17 ]]
5073bbd86970 mod_warn_legacy_tls: Add a README Kim Alvefur <zash@zash.se> parents: diff changeset	18 ```
5073bbd86970 mod_warn_legacy_tls: Add a README Kim Alvefur <zash@zash.se> parents: diff changeset	19
5073bbd86970 mod_warn_legacy_tls: Add a README Kim Alvefur <zash@zash.se> parents: diff changeset	20 ## Options
5073bbd86970 mod_warn_legacy_tls: Add a README Kim Alvefur <zash@zash.se> parents: diff changeset	21
5073bbd86970 mod_warn_legacy_tls: Add a README Kim Alvefur <zash@zash.se> parents: diff changeset	22 `legacy_tls_warning`
5073bbd86970 mod_warn_legacy_tls: Add a README Kim Alvefur <zash@zash.se> parents: diff changeset	23 : A string. The text of the message sent to clients that use outdated
5073bbd86970 mod_warn_legacy_tls: Add a README Kim Alvefur <zash@zash.se> parents: diff changeset	24 TLS versions. Default as in the above example.
5073bbd86970 mod_warn_legacy_tls: Add a README Kim Alvefur <zash@zash.se> parents: diff changeset	25
5073bbd86970 mod_warn_legacy_tls: Add a README Kim Alvefur <zash@zash.se> parents: diff changeset	26 `legacy_tls_versions`
5073bbd86970 mod_warn_legacy_tls: Add a README Kim Alvefur <zash@zash.se> parents: diff changeset	27 : Set of TLS versions, defaults to
5073bbd86970 mod_warn_legacy_tls: Add a README Kim Alvefur <zash@zash.se> parents: diff changeset	28 `{ "SSLv3", "TLSv1", "TLSv1.1" }`{.lua}, i.e. TLS \< 1.2.

prosody-modules

f2363e6d9a64

mod_warn_legacy_tls/README.markdown

Software / code / prosody-modules

Annotate

mod_warn_legacy_tls/README.markdown @ 5390:f2363e6d9a64

Software `/` code `/` prosody-modules