
11766:6ad335cd43f9

mod_tls: Attempt STARTTLS on outgoing unencrypted legacy s2s connections. As suggested by RFC 7590.
author Kim Alvefur <zash@zash.se>
date Wed, 01 Sep 2021 19:05:24 +0200
parents 11765:1cac469b18d0
children 11767:5610f7c5b261
files plugins/mod_tls.lua
diffstat 1 files changed, 8 insertions(+), 0 deletions(-) [+]
--- a/plugins/mod_tls.lua	Sat Sep 04 14:39:31 2021 +0200
+++ b/plugins/mod_tls.lua	Wed Sep 01 19:05:24 2021 +0200
@@ -165,6 +165,14 @@
 	end
 end, 500);
 
+module:hook("s2sout-authenticate-legacy", function(event)
+	local session = event.origin;
+	if s2s_require_encryption and can_do_tls(session) then
+		session.sends2s(starttls_initiate);
+		return true;
+	end
+end, 200);
+
 module:hook_tag(xmlns_starttls, "proceed", function (session, stanza) -- luacheck: ignore 212/stanza
 	if session.type == "s2sout_unauthed" and can_do_tls(session) then
 		module:log("debug", "Proceeding with TLS on s2sout...");
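Review bot: The new hook at line 20 sends `<starttls/>` and returns true, which ends the legacy authentication chain, but nothing in the hunk handles the peer answering with `<failure/>` or simply not answering; the `proceed` handler at line 28 only covers the success path, so unless a failure or timeout handler exists outside this hunk, a legacy peer that ignores the unexpected STARTTLS leaves the s2sout session stalled until the connection itself times out. A log line before the send would at least make such stalls diagnosable, e.g. `module:log("debug", "Attempting STARTTLS on legacy s2sout stream");`. The gating on `s2s_require_encryption` also deserves a comment on the hook, since when encryption is not required the legacy dialback proceeds in plaintext with no attempt at all, which is narrower than the opportunistic attempt the commit title and RFC 7590 describe; something like `-- Legacy (feature-less) streams: try STARTTLS anyway rather than fail outright when encryption is mandatory` would record the intent, if that is indeed the intent. `s2s_require_encryption`, `can_do_tls` and `starttls_initiate` are presumably file-level locals defined above the hunk.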