prosody-modules
36023eb3254e
mod_warn_legacy_tls/mod_warn_legacy_tls.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody-modules

Comparison

mod_warn_legacy_tls/mod_warn_legacy_tls.lua @ 3727:36023eb3254e

mod_warn_legacy_tls: Adapt to warn about TLS < 1.2
author Kim Alvefur <zash@zash.se>
date Sun, 03 Nov 2019 13:03:19 +0100
parent 3726:362c45f67704
child 3730:ec3eb426271e
comparison
equal deleted inserted replaced
3726:362c45f67704 3727:36023eb3254e
1 local st = require"util.stanza"; 1 local st = require"util.stanza";
2 local host = module.host; 2 local host = module.host;
3 3
4 local warning_message = module:get_option_string("sslv3_warning", "Your connection is encrypted using the SSL 3.0 protocol, which has been demonstrated to be insecure and will be disabled soon. Please upgrade your client."); 4 local deprecated_protocols = module:get_option_set("legacy_tls_versions", { "SSLv3", "TLSv1", "TLSv1.1" });
5 local warning_message = module:get_option_string("legacy_tls_warning", "Your connection is encrypted using the %s protocol, which has known problems and will be disabled soon. Please upgrade your client.");
5 6
6 module:hook("resource-bind", function (event) 7 module:hook("resource-bind", function (event)
7 local session = event.session; 8 local session = event.session;
8 module:log("debug", "mod_%s sees that %s logged in", module.name, session.username); 9 module:log("debug", "mod_%s sees that %s logged in", module.name, session.username);
9 10
10 local ok, protocol = pcall(function(session) 11 local ok, protocol = pcall(function(session)
11 return session.conn:socket():info"protocol"; 12 return session.conn:socket():info"protocol";
12 end, session); 13 end, session);
13 if not ok then 14 if not ok then
14 module:log("debug", protocol); 15 module:log("debug", "Could not determine TLS version: %s", protocol);
15 elseif protocol == "SSLv3" then 16 elseif deprecated_protocols:contains(protocol) then
16 module:add_timer(15, function () 17 module:add_timer(15, function ()
17 if session.type == "c2s" and session.resource then 18 if session.type == "c2s" and session.resource then
18 session.send(st.message({ from = host, type = "headline", to = session.full_jid }, warning_message)); 19 session.send(st.message({ from = host, type = "headline", to = session.full_jid }, warning_message:format(protocol)));
19 end 20 end
20 end); 21 end);
21 end 22 end
22 end); 23 end);