prosody
38c95544b7ee
doc/stanza_routing.txt
Software / code / prosody
File
doc/stanza_routing.txt @ 13289:38c95544b7ee
mod_saslauth, mod_c2s: Disable tls-server-end-point channel binding by default
This channel binding method is now enabled when a hash is manually set in the
config, or it attempts to discover the hash automatically if the value is the
special string "auto".
A related change to mod_c2s prevents complicated certificate lookups in the
client connection hot path - this work now happens only when this channel
binding method is used. I'm not aware of anything else that uses ssl_cfg (vs
ssl_ctx).
Rationale for disabling by default:
- Minor performance impact in automatic cert detection
- This method is weak against a leaked/stolen private key (other methods such
as 'tls-exporter' would not be compromised in such a case)
Rationale for keeping the implementation:
- For some deployments, this may be the only method available (e.g. due to
TLS offloading in another process/server).
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Thu, 26 Oct 2023 15:14:39 +0100 |
| parent | 22:2856dfc1f5cc |
line wrap: on
line source
No 'to' attribute: IQ: Pass to appropriate handler Presence: Broadcast to contacts - if initial presence, also send out presence probes - if probe would be to local user, generate presence stanza for them Message: Route as if it is addressed to the bare JID of the sender To a local host: IQ: Pass to appropriate handler Presence: - Message: Deliver to admin? To local contact: Bare JID: IQ: Pass to appropriate handler Presence: Broadcast to all resources Message: Route to 'best' resource Full JID: IQ: Send to resource Presence: Send to resource Message: Send to resource Full JID but resource not connected: IQ: Return service-unavailable Message: Handle same as if to bare JID Presence: Drop (unless type=subscribe[ed]) To remote contact: Initiate s2s connection if necessary Send stanza across
