Software /
code /
prosody
Comparison
plugins/mod_tls.lua @ 12330:38b5b05407be
various: Require encryption by default for real
These options have been specified (and enabled) in the default config file for
a long time. However if unspecified in the config, they were not enabled. Now
they are.
This may result in a change of behaviour for people using very old config
files that lack the require_encryption options. But that's what we want.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sat, 25 Dec 2021 16:23:40 +0100 |
parent | 12211:5c2ae28f536e |
child | 12482:b193f8a2737e |
comparison
equal
deleted
inserted
replaced
12329:c980210ca095 | 12330:38b5b05407be |
---|---|
8 | 8 |
9 local create_context = require "core.certmanager".create_context; | 9 local create_context = require "core.certmanager".create_context; |
10 local rawgetopt = require"core.configmanager".rawget; | 10 local rawgetopt = require"core.configmanager".rawget; |
11 local st = require "util.stanza"; | 11 local st = require "util.stanza"; |
12 | 12 |
13 local c2s_require_encryption = module:get_option("c2s_require_encryption", module:get_option("require_encryption")); | 13 local c2s_require_encryption = module:get_option("c2s_require_encryption", module:get_option("require_encryption", true)); |
14 local s2s_require_encryption = module:get_option("s2s_require_encryption"); | 14 local s2s_require_encryption = module:get_option("s2s_require_encryption", true); |
15 local allow_s2s_tls = module:get_option("s2s_allow_encryption") ~= false; | 15 local allow_s2s_tls = module:get_option("s2s_allow_encryption") ~= false; |
16 local s2s_secure_auth = module:get_option("s2s_secure_auth"); | 16 local s2s_secure_auth = module:get_option("s2s_secure_auth"); |
17 | 17 |
18 if s2s_secure_auth and s2s_require_encryption == false then | 18 if s2s_secure_auth and s2s_require_encryption == false then |
19 module:log("warn", "s2s_secure_auth implies s2s_require_encryption, but s2s_require_encryption is set to false"); | 19 module:log("warn", "s2s_secure_auth implies s2s_require_encryption, but s2s_require_encryption is set to false"); |