prosody
94e341dee51c
util/session.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Annotate

util/session.lua @ 10224:94e341dee51c

core.certmanager: Move EECDH ciphers before EDH in default cipherstring The original intent of having kEDH before kEECDH was that if a `dhparam` file was specified, this would be interpreted as a preference by the admin for old and well-tested Diffie-Hellman key agreement over newer elliptic curve ones. Otherwise the faster elliptic curve ciphersuites would be preferred. This didn't really work as intended since this affects the ClientHello on outgoing s2s connections, leading to some servers using poorly configured kEDH. With Debian shipping OpenSSL settings that enforce a higher security level, this caused interoperability problems with servers that use DH params smaller than 2048 bits. E.g. jabber.org at the time of this writing has 1024 bit DH params. MattJ says > Curves have won, and OpenSSL is less weird about them now
author Kim Alvefur <zash@zash.se>
date Sun, 25 Aug 2019 20:22:35 +0200
parent 10110:3fa3872588a8
child 12640:999b1c59af6f
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
6941
33fbc835697d util.session: How would you even send anything to a session?
Kim Alvefur <zash@zash.se>
parents: 6940
diff changeset
1 local initialize_filters = require "util.filters".initialize;
6939
a9ae0c6ac4f4 util.session: What does the session say?
Kim Alvefur <zash@zash.se>
parents: 6938
diff changeset
2 local logger = require "util.logger";
6937
f5d2e58fbefa util.session: What is a session?
Kim Alvefur <zash@zash.se>
parents:
diff changeset
3
f5d2e58fbefa util.session: What is a session?
Kim Alvefur <zash@zash.se>
parents:
diff changeset
4 local function new_session(typ)
f5d2e58fbefa util.session: What is a session?
Kim Alvefur <zash@zash.se>
parents:
diff changeset
5 local session = {
f5d2e58fbefa util.session: What is a session?
Kim Alvefur <zash@zash.se>
parents:
diff changeset
6 type = typ .. "_unauthed";
9947
8ebca1240203 util.session: Fix session id not include unauthed forever
Kim Alvefur <zash@zash.se>
parents: 7181
diff changeset
7 base_type = typ;
6937
f5d2e58fbefa util.session: What is a session?
Kim Alvefur <zash@zash.se>
parents:
diff changeset
8 };
f5d2e58fbefa util.session: What is a session?
Kim Alvefur <zash@zash.se>
parents:
diff changeset
9 return session;
f5d2e58fbefa util.session: What is a session?
Kim Alvefur <zash@zash.se>
parents:
diff changeset
10 end
f5d2e58fbefa util.session: What is a session?
Kim Alvefur <zash@zash.se>
parents:
diff changeset
11
6938
9df70e9e006b util.session: What is the identity of a session?
Kim Alvefur <zash@zash.se>
parents: 6937
diff changeset
12 local function set_id(session)
9947
8ebca1240203 util.session: Fix session id not include unauthed forever
Kim Alvefur <zash@zash.se>
parents: 7181
diff changeset
13 local id = session.base_type .. tostring(session):match("%x+$"):lower();
6938
9df70e9e006b util.session: What is the identity of a session?
Kim Alvefur <zash@zash.se>
parents: 6937
diff changeset
14 session.id = id;
9df70e9e006b util.session: What is the identity of a session?
Kim Alvefur <zash@zash.se>
parents: 6937
diff changeset
15 return session;
9df70e9e006b util.session: What is the identity of a session?
Kim Alvefur <zash@zash.se>
parents: 6937
diff changeset
16 end
9df70e9e006b util.session: What is the identity of a session?
Kim Alvefur <zash@zash.se>
parents: 6937
diff changeset
17
6939
a9ae0c6ac4f4 util.session: What does the session say?
Kim Alvefur <zash@zash.se>
parents: 6938
diff changeset
18 local function set_logger(session)
7181
8af558965da3 util.session: Fix luacheck warnings
Kim Alvefur <zash@zash.se>
parents: 6941
diff changeset
19 local log = logger.init(session.id);
6939
a9ae0c6ac4f4 util.session: What does the session say?
Kim Alvefur <zash@zash.se>
parents: 6938
diff changeset
20 session.log = log;
a9ae0c6ac4f4 util.session: What does the session say?
Kim Alvefur <zash@zash.se>
parents: 6938
diff changeset
21 return session;
a9ae0c6ac4f4 util.session: What does the session say?
Kim Alvefur <zash@zash.se>
parents: 6938
diff changeset
22 end
a9ae0c6ac4f4 util.session: What does the session say?
Kim Alvefur <zash@zash.se>
parents: 6938
diff changeset
23
6940
2be5e19485aa util.session: How does a session relate do a connection?
Kim Alvefur <zash@zash.se>
parents: 6939
diff changeset
24 local function set_conn(session, conn)
2be5e19485aa util.session: How does a session relate do a connection?
Kim Alvefur <zash@zash.se>
parents: 6939
diff changeset
25 session.conn = conn;
2be5e19485aa util.session: How does a session relate do a connection?
Kim Alvefur <zash@zash.se>
parents: 6939
diff changeset
26 session.ip = conn:ip();
2be5e19485aa util.session: How does a session relate do a connection?
Kim Alvefur <zash@zash.se>
parents: 6939
diff changeset
27 return session;
2be5e19485aa util.session: How does a session relate do a connection?
Kim Alvefur <zash@zash.se>
parents: 6939
diff changeset
28 end
2be5e19485aa util.session: How does a session relate do a connection?
Kim Alvefur <zash@zash.se>
parents: 6939
diff changeset
29
6941
33fbc835697d util.session: How would you even send anything to a session?
Kim Alvefur <zash@zash.se>
parents: 6940
diff changeset
30 local function set_send(session)
33fbc835697d util.session: How would you even send anything to a session?
Kim Alvefur <zash@zash.se>
parents: 6940
diff changeset
31 local conn = session.conn;
33fbc835697d util.session: How would you even send anything to a session?
Kim Alvefur <zash@zash.se>
parents: 6940
diff changeset
32 if not conn then
33fbc835697d util.session: How would you even send anything to a session?
Kim Alvefur <zash@zash.se>
parents: 6940
diff changeset
33 function session.send(data)
10110
3fa3872588a8 util.session: Remove tostring call from logging
Kim Alvefur <zash@zash.se>
parents: 9947
diff changeset
34 session.log("debug", "Discarding data sent to unconnected session: %s", data);
6941
33fbc835697d util.session: How would you even send anything to a session?
Kim Alvefur <zash@zash.se>
parents: 6940
diff changeset
35 return false;
33fbc835697d util.session: How would you even send anything to a session?
Kim Alvefur <zash@zash.se>
parents: 6940
diff changeset
36 end
33fbc835697d util.session: How would you even send anything to a session?
Kim Alvefur <zash@zash.se>
parents: 6940
diff changeset
37 return session;
33fbc835697d util.session: How would you even send anything to a session?
Kim Alvefur <zash@zash.se>
parents: 6940
diff changeset
38 end
33fbc835697d util.session: How would you even send anything to a session?
Kim Alvefur <zash@zash.se>
parents: 6940
diff changeset
39 local filter = initialize_filters(session);
33fbc835697d util.session: How would you even send anything to a session?
Kim Alvefur <zash@zash.se>
parents: 6940
diff changeset
40 local w = conn.write;
33fbc835697d util.session: How would you even send anything to a session?
Kim Alvefur <zash@zash.se>
parents: 6940
diff changeset
41 session.send = function (t)
33fbc835697d util.session: How would you even send anything to a session?
Kim Alvefur <zash@zash.se>
parents: 6940
diff changeset
42 if t.name then
33fbc835697d util.session: How would you even send anything to a session?
Kim Alvefur <zash@zash.se>
parents: 6940
diff changeset
43 t = filter("stanzas/out", t);
33fbc835697d util.session: How would you even send anything to a session?
Kim Alvefur <zash@zash.se>
parents: 6940
diff changeset
44 end
33fbc835697d util.session: How would you even send anything to a session?
Kim Alvefur <zash@zash.se>
parents: 6940
diff changeset
45 if t then
33fbc835697d util.session: How would you even send anything to a session?
Kim Alvefur <zash@zash.se>
parents: 6940
diff changeset
46 t = filter("bytes/out", tostring(t));
33fbc835697d util.session: How would you even send anything to a session?
Kim Alvefur <zash@zash.se>
parents: 6940
diff changeset
47 if t then
33fbc835697d util.session: How would you even send anything to a session?
Kim Alvefur <zash@zash.se>
parents: 6940
diff changeset
48 local ret, err = w(conn, t);
33fbc835697d util.session: How would you even send anything to a session?
Kim Alvefur <zash@zash.se>
parents: 6940
diff changeset
49 if not ret then
10110
3fa3872588a8 util.session: Remove tostring call from logging
Kim Alvefur <zash@zash.se>
parents: 9947
diff changeset
50 session.log("debug", "Error writing to connection: %s", err);
6941
33fbc835697d util.session: How would you even send anything to a session?
Kim Alvefur <zash@zash.se>
parents: 6940
diff changeset
51 return false, err;
33fbc835697d util.session: How would you even send anything to a session?
Kim Alvefur <zash@zash.se>
parents: 6940
diff changeset
52 end
33fbc835697d util.session: How would you even send anything to a session?
Kim Alvefur <zash@zash.se>
parents: 6940
diff changeset
53 end
33fbc835697d util.session: How would you even send anything to a session?
Kim Alvefur <zash@zash.se>
parents: 6940
diff changeset
54 end
33fbc835697d util.session: How would you even send anything to a session?
Kim Alvefur <zash@zash.se>
parents: 6940
diff changeset
55 return true;
33fbc835697d util.session: How would you even send anything to a session?
Kim Alvefur <zash@zash.se>
parents: 6940
diff changeset
56 end
33fbc835697d util.session: How would you even send anything to a session?
Kim Alvefur <zash@zash.se>
parents: 6940
diff changeset
57 return session;
33fbc835697d util.session: How would you even send anything to a session?
Kim Alvefur <zash@zash.se>
parents: 6940
diff changeset
58 end
33fbc835697d util.session: How would you even send anything to a session?
Kim Alvefur <zash@zash.se>
parents: 6940
diff changeset
59
6937
f5d2e58fbefa util.session: What is a session?
Kim Alvefur <zash@zash.se>
parents:
diff changeset
60 return {
f5d2e58fbefa util.session: What is a session?
Kim Alvefur <zash@zash.se>
parents:
diff changeset
61 new = new_session;
6938
9df70e9e006b util.session: What is the identity of a session?
Kim Alvefur <zash@zash.se>
parents: 6937
diff changeset
62 set_id = set_id;
6939
a9ae0c6ac4f4 util.session: What does the session say?
Kim Alvefur <zash@zash.se>
parents: 6938
diff changeset
63 set_logger = set_logger;
6940
2be5e19485aa util.session: How does a session relate do a connection?
Kim Alvefur <zash@zash.se>
parents: 6939
diff changeset
64 set_conn = set_conn;
6941
33fbc835697d util.session: How would you even send anything to a session?
Kim Alvefur <zash@zash.se>
parents: 6940
diff changeset
65 set_send = set_send;
6937
f5d2e58fbefa util.session: What is a session?
Kim Alvefur <zash@zash.se>
parents:
diff changeset
66 }