prosody-modules
277ccafb4826
mod_sslv3_warn/mod_sslv3_warn.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody-modules

File

mod_sslv3_warn/mod_sslv3_warn.lua @ 6037:277ccafb4826

mod_http_oauth2: Fix check for userinfo endpoint handler It was checking whether the wrong handler exists. It could have made sense if there was some dependency between them but there isn't.
author Kim Alvefur <zash@zash.se>
date Thu, 31 Oct 2024 21:49:32 +0100
parent 1525:37cef218ba20
line wrap: on
line source

local st = require"util.stanza";
local host = module.host;

local warning_message = module:get_option_string("sslv3_warning", "Your connection is encrypted using the SSL 3.0 protocol, which has been demonstrated to be insecure and will be disabled soon.  Please upgrade your client.");

module:hook("resource-bind", function (event)
	local session = event.session;
	module:log("debug", "mod_%s sees that %s logged in", module.name, session.username);

	local ok, protocol = pcall(function(session)
		return session.conn:socket():info"protocol";
	end, session);
	if not ok then
		module:log("debug", protocol);
	elseif protocol == "SSLv3" then
		module:add_timer(15, function ()
			if session.type == "c2s" and session.resource then
				session.send(st.message({ from = host, type = "headline", to = session.full_jid }, warning_message));
			end
		end);
	end
end);