prosody
38c95544b7ee
core/features.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

File

core/features.lua @ 13289:38c95544b7ee

mod_saslauth, mod_c2s: Disable tls-server-end-point channel binding by default This channel binding method is now enabled when a hash is manually set in the config, or it attempts to discover the hash automatically if the value is the special string "auto". A related change to mod_c2s prevents complicated certificate lookups in the client connection hot path - this work now happens only when this channel binding method is used. I'm not aware of anything else that uses ssl_cfg (vs ssl_ctx). Rationale for disabling by default: - Minor performance impact in automatic cert detection - This method is weak against a leaked/stolen private key (other methods such as 'tls-exporter' would not be compromised in such a case) Rationale for keeping the implementation: - For some deployments, this may be the only method available (e.g. due to TLS offloading in another process/server).
author Matthew Wild <mwild1@gmail.com>
date Thu, 26 Oct 2023 15:14:39 +0100
parent 13211:4d4f9e42bcf8
child 13425:3cebb30e7503
line wrap: on
line source

local set = require "prosody.util.set";

return {
	available = set.new{
		-- mod_bookmarks bundled
		"mod_bookmarks";
		-- Roles, module.may and per-session authz
		"permissions";
		-- prosody.* namespace
		"loader";
		-- "keyval+" store
		"keyval+";

		"s2sout-pre-connect-event";

		-- prosody:guest, prosody:registered, prosody:member
		"split-user-roles";

		-- new moduleapi methods
		"getopt-enum";
		"getopt-interval";
		"getopt-period";
		"getopt-integer";
	};
};