Mercurial > prosody-hg
comparison plugins/mod_tls.lua @ 12330:38b5b05407be
various: Require encryption by default for real
These options have been specified (and enabled) in the default config file for
a long time. However if unspecified in the config, they were not enabled. Now
they are.
This may result in a change of behaviour for people using very old config
files that lack the require_encryption options. But that's what we want.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sat, 25 Dec 2021 16:23:40 +0100 |
| parents | 5c2ae28f536e |
| children | b193f8a2737e |
comparison
equal
deleted
inserted
replaced
| 12329:c980210ca095 | 12330:38b5b05407be |
|---|---|
| 8 | 8 |
| 9 local create_context = require "core.certmanager".create_context; | 9 local create_context = require "core.certmanager".create_context; |
| 10 local rawgetopt = require"core.configmanager".rawget; | 10 local rawgetopt = require"core.configmanager".rawget; |
| 11 local st = require "util.stanza"; | 11 local st = require "util.stanza"; |
| 12 | 12 |
| 13 local c2s_require_encryption = module:get_option("c2s_require_encryption", module:get_option("require_encryption")); | 13 local c2s_require_encryption = module:get_option("c2s_require_encryption", module:get_option("require_encryption", true)); |
| 14 local s2s_require_encryption = module:get_option("s2s_require_encryption"); | 14 local s2s_require_encryption = module:get_option("s2s_require_encryption", true); |
| 15 local allow_s2s_tls = module:get_option("s2s_allow_encryption") ~= false; | 15 local allow_s2s_tls = module:get_option("s2s_allow_encryption") ~= false; |
| 16 local s2s_secure_auth = module:get_option("s2s_secure_auth"); | 16 local s2s_secure_auth = module:get_option("s2s_secure_auth"); |
| 17 | 17 |
| 18 if s2s_secure_auth and s2s_require_encryption == false then | 18 if s2s_secure_auth and s2s_require_encryption == false then |
| 19 module:log("warn", "s2s_secure_auth implies s2s_require_encryption, but s2s_require_encryption is set to false"); | 19 module:log("warn", "s2s_secure_auth implies s2s_require_encryption, but s2s_require_encryption is set to false"); |
