prosody-modules
b45d9a81b3da
mod_s2s_never_encrypt_blacklist/README.markdown

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody-modules

File

mod_s2s_never_encrypt_blacklist/README.markdown @ 5424:b45d9a81b3da

mod_http_oauth2: Revert role selector, going to try something else Back out f2c7bb3af600 Allowing only a single role to be encoded into the grant takes away the possibility of having multiple roles in the grant, one of which is selected when issuing an access token. It also takes away the ability to have zero roles granted, which could be useful e.g. when you only need OIDC scopes.
author Kim Alvefur <zash@zash.se>
date Sun, 07 May 2023 19:40:57 +0200
parent 1803:4d73a1a6ba68
line wrap: on
line source

---
labels:
- 'Stage-Beta'
summary: |
    Stops prosody from including starttls into available features for
    specified remote servers.
...

Details
-------

Let's you stop Prosody from sending \<starttls
xmlns='urn:ietf:params:xml:ns:xmpp-tls'\> feature to choppy/buggy
servers which therefore would fail to re-negotiate and use a secure
stream. (e.g. [OpenFire
3.7.0](http://issues.igniterealtime.org/browse/OF-405))

Usage
-----

Copy the plugin into your prosody's modules directory.

And add it between your enabled modules into the global section
(modules\_enabled).

Then list each host as follow:

    tls_s2s_blacklist = { "host1.tld", "host2.tld", "host3.tld" }

In the unfortunate case of OpenFire... you can add the Server's ip
address directly as it may not send proper rfc6121 requests.

    tls_s2s_blacklist_ip = { "a.a.a.a", "b.b.b.b", "c.c.c.c" }

Compatibility
-------------

It's supposed to work with 0.7-0.8.x