annotate mod_sslv3_warn/mod_sslv3_warn.lua @ 5211:079ca766193b

mod_conversejs: This one weird trick updates options on reload Options queried from the config in get_converse_options() would take effect immediately after Prosody reloads the config. Including 'conversejs_options' in this behaviour by simply moving a line seems worth it.
author Kim Alvefur <zash@zash.se>
date Thu, 23 Feb 2023 00:30:59 +0100
parents 37cef218ba20
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1525
37cef218ba20 mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure
Kim Alvefur <zash@zash.se>
parents:
diff changeset
1 local st = require"util.stanza";
37cef218ba20 mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure
Kim Alvefur <zash@zash.se>
parents:
diff changeset
2 local host = module.host;
37cef218ba20 mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure
Kim Alvefur <zash@zash.se>
parents:
diff changeset
3
37cef218ba20 mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure
Kim Alvefur <zash@zash.se>
parents:
diff changeset
4 local warning_message = module:get_option_string("sslv3_warning", "Your connection is encrypted using the SSL 3.0 protocol, which has been demonstrated to be insecure and will be disabled soon. Please upgrade your client.");
37cef218ba20 mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure
Kim Alvefur <zash@zash.se>
parents:
diff changeset
5
37cef218ba20 mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure
Kim Alvefur <zash@zash.se>
parents:
diff changeset
6 module:hook("resource-bind", function (event)
37cef218ba20 mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure
Kim Alvefur <zash@zash.se>
parents:
diff changeset
7 local session = event.session;
37cef218ba20 mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure
Kim Alvefur <zash@zash.se>
parents:
diff changeset
8 module:log("debug", "mod_%s sees that %s logged in", module.name, session.username);
37cef218ba20 mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure
Kim Alvefur <zash@zash.se>
parents:
diff changeset
9
37cef218ba20 mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure
Kim Alvefur <zash@zash.se>
parents:
diff changeset
10 local ok, protocol = pcall(function(session)
37cef218ba20 mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure
Kim Alvefur <zash@zash.se>
parents:
diff changeset
11 return session.conn:socket():info"protocol";
37cef218ba20 mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure
Kim Alvefur <zash@zash.se>
parents:
diff changeset
12 end, session);
37cef218ba20 mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure
Kim Alvefur <zash@zash.se>
parents:
diff changeset
13 if not ok then
37cef218ba20 mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure
Kim Alvefur <zash@zash.se>
parents:
diff changeset
14 module:log("debug", protocol);
37cef218ba20 mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure
Kim Alvefur <zash@zash.se>
parents:
diff changeset
15 elseif protocol == "SSLv3" then
37cef218ba20 mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure
Kim Alvefur <zash@zash.se>
parents:
diff changeset
16 module:add_timer(15, function ()
37cef218ba20 mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure
Kim Alvefur <zash@zash.se>
parents:
diff changeset
17 if session.type == "c2s" and session.resource then
37cef218ba20 mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure
Kim Alvefur <zash@zash.se>
parents:
diff changeset
18 session.send(st.message({ from = host, type = "headline", to = session.full_jid }, warning_message));
37cef218ba20 mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure
Kim Alvefur <zash@zash.se>
parents:
diff changeset
19 end
37cef218ba20 mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure
Kim Alvefur <zash@zash.se>
parents:
diff changeset
20 end);
37cef218ba20 mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure
Kim Alvefur <zash@zash.se>
parents:
diff changeset
21 end
37cef218ba20 mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure
Kim Alvefur <zash@zash.se>
parents:
diff changeset
22 end);