prosody-modules: mod_warn_legacy_tls/README.markdown annotate

annotate mod_warn_legacy_tls/README.markdown @ 5682:527c747711f3

mod_http_oauth2: Limit revocation to clients own tokens in strict mode RFC 7009 section 2.1 states: > The authorization server first validates the client credentials (in > case of a confidential client) and then verifies whether the token was > issued to the client making the revocation request. If this > validation fails, the request is refused and the client is informed of > the error by the authorization server as described below. The first part was already covered (in strict mode). This adds the later part using the hash of client_id recorded in 0860497152af It still seems weird to me that revoking a leaked token should not be allowed whoever might have discovered it, as that seems the responsible thing to do.

author	Kim Alvefur <zash@zash.se>
date	Sun, 29 Oct 2023 11:30:49 +0100
parents	5073bbd86970
children

rev	line source
3728 5073bbd86970 mod_warn_legacy_tls: Add a README Kim Alvefur <zash@zash.se> parents: diff changeset	1 TLS 1.0 and TLS 1.1 are about to be obsolete. This module warns clients
5073bbd86970 mod_warn_legacy_tls: Add a README Kim Alvefur <zash@zash.se> parents: diff changeset	2 if they are using those versions, to prepare for disabling them.
5073bbd86970 mod_warn_legacy_tls: Add a README Kim Alvefur <zash@zash.se> parents: diff changeset	3
5073bbd86970 mod_warn_legacy_tls: Add a README Kim Alvefur <zash@zash.se> parents: diff changeset	4 # Configuration
5073bbd86970 mod_warn_legacy_tls: Add a README Kim Alvefur <zash@zash.se> parents: diff changeset	5
5073bbd86970 mod_warn_legacy_tls: Add a README Kim Alvefur <zash@zash.se> parents: diff changeset	6 ``` {.lua}
5073bbd86970 mod_warn_legacy_tls: Add a README Kim Alvefur <zash@zash.se> parents: diff changeset	7 modules_enabled = {
5073bbd86970 mod_warn_legacy_tls: Add a README Kim Alvefur <zash@zash.se> parents: diff changeset	8 -- other modules etc
5073bbd86970 mod_warn_legacy_tls: Add a README Kim Alvefur <zash@zash.se> parents: diff changeset	9 "warn_legacy_tls";
5073bbd86970 mod_warn_legacy_tls: Add a README Kim Alvefur <zash@zash.se> parents: diff changeset	10 }
5073bbd86970 mod_warn_legacy_tls: Add a README Kim Alvefur <zash@zash.se> parents: diff changeset	11
5073bbd86970 mod_warn_legacy_tls: Add a README Kim Alvefur <zash@zash.se> parents: diff changeset	12 -- This is the default, you can leave it out if you don't wish to
5073bbd86970 mod_warn_legacy_tls: Add a README Kim Alvefur <zash@zash.se> parents: diff changeset	13 -- customise or translate the message sent.
5073bbd86970 mod_warn_legacy_tls: Add a README Kim Alvefur <zash@zash.se> parents: diff changeset	14 -- '%s' will be replaced with the TLS version in use.
5073bbd86970 mod_warn_legacy_tls: Add a README Kim Alvefur <zash@zash.se> parents: diff changeset	15 legacy_tls_warning = [[
5073bbd86970 mod_warn_legacy_tls: Add a README Kim Alvefur <zash@zash.se> parents: diff changeset	16 Your connection is encrypted using the %s protocol, which has been demonstrated to be insecure and will be disabled soon. Please upgrade your client.
5073bbd86970 mod_warn_legacy_tls: Add a README Kim Alvefur <zash@zash.se> parents: diff changeset	17 ]]
5073bbd86970 mod_warn_legacy_tls: Add a README Kim Alvefur <zash@zash.se> parents: diff changeset	18 ```
5073bbd86970 mod_warn_legacy_tls: Add a README Kim Alvefur <zash@zash.se> parents: diff changeset	19
5073bbd86970 mod_warn_legacy_tls: Add a README Kim Alvefur <zash@zash.se> parents: diff changeset	20 ## Options
5073bbd86970 mod_warn_legacy_tls: Add a README Kim Alvefur <zash@zash.se> parents: diff changeset	21
5073bbd86970 mod_warn_legacy_tls: Add a README Kim Alvefur <zash@zash.se> parents: diff changeset	22 `legacy_tls_warning`
5073bbd86970 mod_warn_legacy_tls: Add a README Kim Alvefur <zash@zash.se> parents: diff changeset	23 : A string. The text of the message sent to clients that use outdated
5073bbd86970 mod_warn_legacy_tls: Add a README Kim Alvefur <zash@zash.se> parents: diff changeset	24 TLS versions. Default as in the above example.
5073bbd86970 mod_warn_legacy_tls: Add a README Kim Alvefur <zash@zash.se> parents: diff changeset	25
5073bbd86970 mod_warn_legacy_tls: Add a README Kim Alvefur <zash@zash.se> parents: diff changeset	26 `legacy_tls_versions`
5073bbd86970 mod_warn_legacy_tls: Add a README Kim Alvefur <zash@zash.se> parents: diff changeset	27 : Set of TLS versions, defaults to
5073bbd86970 mod_warn_legacy_tls: Add a README Kim Alvefur <zash@zash.se> parents: diff changeset	28 `{ "SSLv3", "TLSv1", "TLSv1.1" }`{.lua}, i.e. TLS \< 1.2.

Mercurial > prosody-modules

annotate mod_warn_legacy_tls/README.markdown @ 5682:527c747711f3