Changeset

1525:37cef218ba20

mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure
author Kim Alvefur <zash@zash.se>
date Wed, 15 Oct 2014 11:37:39 +0200
parents 1524:604a8cee9d58
children 1526:120817435151
files mod_sslv3_warn/mod_sslv3_warn.lua
diffstat 1 files changed, 22 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mod_sslv3_warn/mod_sslv3_warn.lua	Wed Oct 15 11:37:39 2014 +0200
@@ -0,0 +1,22 @@
+local st = require"util.stanza";
+local host = module.host;
+
+local warning_message = module:get_option_string("sslv3_warning", "Your connection is encrypted using the SSL 3.0 protocol, which has been demonstrated to be insecure and will be disabled soon.  Please upgrade your client.");
+
+module:hook("resource-bind", function (event)
+	local session = event.session;
+	module:log("debug", "mod_%s sees that %s logged in", module.name, session.username);
+
+	local ok, protocol = pcall(function(session)
+		return session.conn:socket():info"protocol";
+	end, session);
+	if not ok then
+		module:log("debug", protocol);
+	elseif protocol == "SSLv3" then
+		module:add_timer(15, function ()
+			if session.type == "c2s" and session.resource then
+				session.send(st.message({ from = host, type = "headline", to = session.full_jid }, warning_message));
+			end
+		end);
+	end
+end);