# HG changeset patch
# User Matthew Wild <mwild1@gmail.com>
# Date 1269470453 0
# Node ID 9380838a19dcd6f34de8a79ae184601433702d82
# Parent  e68ff49fa79be9db69588781c896319d8adc94f8# Parent  c186b4883b8d9a22039adbbe6c81dbd9af0af3d0
Merge 0.7/waqas->0.7/MattJ

diff -r c186b4883b8d -r 9380838a19dc plugins/mod_tls.lua
--- a/plugins/mod_tls.lua	Wed Mar 24 00:07:17 2010 +0500
+++ b/plugins/mod_tls.lua	Wed Mar 24 22:40:53 2010 +0000
@@ -10,6 +10,7 @@
 
 local secure_auth_only = module:get_option("c2s_require_encryption") or module:get_option("require_encryption");
 local secure_s2s_only = module:get_option("s2s_require_encryption");
+local allow_s2s_tls = module:get_option("s2s_allow_encryption") ~= false;
 
 local xmlns_starttls = 'urn:ietf:params:xml:ns:xmpp-tls';
 local starttls_attr = { xmlns = xmlns_starttls };
@@ -27,9 +28,9 @@
 local function can_do_tls(session)
 	if session.type == "c2s_unauthed" then
 		return session.conn.starttls and host.ssl_ctx_in;
-	elseif session.type == "s2sin_unauthed" then
+	elseif session.type == "s2sin_unauthed" and allow_s2s_tls then
 		return session.conn.starttls and host.ssl_ctx_in;
-	elseif session.direction == "outgoing" then
+	elseif session.direction == "outgoing" and allow_s2s_tls then
 		return session.conn.starttls and host.ssl_ctx;
 	end
 	return false;