prosody-modules: mod_warn_legacy_tls/mod_warn_legacy

annotate mod_warn_legacy_tls/mod_warn_legacy_tls.lua @ 4409:44f6537f6427

mod_invites_adhoc: Fail contact invite if user is not on current host Only the username was being used, and the host of the requester ignored. Luckily this only affects admins of the host. If they want to create an account they can use the other command. If they want to create a contact they should request from their account on this host.

author	Matthew Wild <mwild1@gmail.com>
date	Thu, 28 Jan 2021 07:04:11 +0000
parents	406b32b50457
children

rev	line source
1525 37cef218ba20 mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure Kim Alvefur <zash@zash.se> parents: diff changeset	1 local st = require"util.stanza";
37cef218ba20 mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure Kim Alvefur <zash@zash.se> parents: diff changeset	2 local host = module.host;
37cef218ba20 mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure Kim Alvefur <zash@zash.se> parents: diff changeset	3
3727 36023eb3254e mod_warn_legacy_tls: Adapt to warn about TLS < 1.2 Kim Alvefur <zash@zash.se> parents: 3726 diff changeset	4 local deprecated_protocols = module:get_option_set("legacy_tls_versions", { "SSLv3", "TLSv1", "TLSv1.1" });
36023eb3254e mod_warn_legacy_tls: Adapt to warn about TLS < 1.2 Kim Alvefur <zash@zash.se> parents: 3726 diff changeset	5 local warning_message = module:get_option_string("legacy_tls_warning", "Your connection is encrypted using the %s protocol, which has known problems and will be disabled soon. Please upgrade your client.");
1525 37cef218ba20 mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure Kim Alvefur <zash@zash.se> parents: diff changeset	6
37cef218ba20 mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure Kim Alvefur <zash@zash.se> parents: diff changeset	7 module:hook("resource-bind", function (event)
37cef218ba20 mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure Kim Alvefur <zash@zash.se> parents: diff changeset	8 local session = event.session;
37cef218ba20 mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure Kim Alvefur <zash@zash.se> parents: diff changeset	9 module:log("debug", "mod_%s sees that %s logged in", module.name, session.username);
37cef218ba20 mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure Kim Alvefur <zash@zash.se> parents: diff changeset	10
37cef218ba20 mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure Kim Alvefur <zash@zash.se> parents: diff changeset	11 local ok, protocol = pcall(function(session)
37cef218ba20 mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure Kim Alvefur <zash@zash.se> parents: diff changeset	12 return session.conn:socket():info"protocol";
37cef218ba20 mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure Kim Alvefur <zash@zash.se> parents: diff changeset	13 end, session);
37cef218ba20 mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure Kim Alvefur <zash@zash.se> parents: diff changeset	14 if not ok then
3727 36023eb3254e mod_warn_legacy_tls: Adapt to warn about TLS < 1.2 Kim Alvefur <zash@zash.se> parents: 3726 diff changeset	15 module:log("debug", "Could not determine TLS version: %s", protocol);
36023eb3254e mod_warn_legacy_tls: Adapt to warn about TLS < 1.2 Kim Alvefur <zash@zash.se> parents: 3726 diff changeset	16 elseif deprecated_protocols:contains(protocol) then
3730 ec3eb426271e mod_warn_legacy_tls: Log a warning attached to sessions using deprecated TLS versions Kim Alvefur <zash@zash.se> parents: 3727 diff changeset	17 session.log("warn", "Uses %s", protocol);
1525 37cef218ba20 mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure Kim Alvefur <zash@zash.se> parents: diff changeset	18 module:add_timer(15, function ()
37cef218ba20 mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure Kim Alvefur <zash@zash.se> parents: diff changeset	19 if session.type == "c2s" and session.resource then
3727 36023eb3254e mod_warn_legacy_tls: Adapt to warn about TLS < 1.2 Kim Alvefur <zash@zash.se> parents: 3726 diff changeset	20 session.send(st.message({ from = host, type = "headline", to = session.full_jid }, warning_message:format(protocol)));
1525 37cef218ba20 mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure Kim Alvefur <zash@zash.se> parents: diff changeset	21 end
37cef218ba20 mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure Kim Alvefur <zash@zash.se> parents: diff changeset	22 end);
3731 406b32b50457 mod_warn_legacy_tls: Log debug message for acceptable TLS versions Kim Alvefur <zash@zash.se> parents: 3730 diff changeset	23 else
406b32b50457 mod_warn_legacy_tls: Log debug message for acceptable TLS versions Kim Alvefur <zash@zash.se> parents: 3730 diff changeset	24 module:log("debug", "Using acceptable TLS version: %s", protocol);
1525 37cef218ba20 mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure Kim Alvefur <zash@zash.se> parents: diff changeset	25 end
37cef218ba20 mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure Kim Alvefur <zash@zash.se> parents: diff changeset	26 end);

Mercurial > prosody-modules

annotate mod_warn_legacy_tls/mod_warn_legacy_tls.lua @ 4409:44f6537f6427