annotate mod_warn_legacy_tls/README.markdown @ 5173:460f78654864

mod_muc_rtbl: also filter messages This was a bit tricky because we don't want to run the JIDs through SHA256 on each message. Took a while to come up with this simple plan of just caching the SHA256 of the JIDs on the occupants. This will leave some dirt in the occupants after unloading the module, but that should be ok; once they cycle the room, the hashes will be gone. This is direly needed, otherwise, there is a tight race between the moderation activities and the actors joining the room.
author Jonas Schäfer <jonas@wielicki.name>
date Tue, 21 Feb 2023 21:37:27 +0100
parents 5073bbd86970
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
3728
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
1 TLS 1.0 and TLS 1.1 are about to be obsolete. This module warns clients
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
2 if they are using those versions, to prepare for disabling them.
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
3
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
4 # Configuration
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
5
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
6 ``` {.lua}
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
7 modules_enabled = {
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
8 -- other modules etc
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
9 "warn_legacy_tls";
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
10 }
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
11
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
12 -- This is the default, you can leave it out if you don't wish to
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
13 -- customise or translate the message sent.
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
14 -- '%s' will be replaced with the TLS version in use.
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
15 legacy_tls_warning = [[
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
16 Your connection is encrypted using the %s protocol, which has been demonstrated to be insecure and will be disabled soon. Please upgrade your client.
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
17 ]]
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
18 ```
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
19
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
20 ## Options
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
21
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
22 `legacy_tls_warning`
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
23 : A string. The text of the message sent to clients that use outdated
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
24 TLS versions. Default as in the above example.
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
25
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
26 `legacy_tls_versions`
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
27 : Set of TLS versions, defaults to
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
28 `{ "SSLv3", "TLSv1", "TLSv1.1" }`{.lua}, i.e. TLS \< 1.2.