annotate mod_warn_legacy_tls/README.markdown @ 4980:da151f9af861

replaced 'session' with 'origin' in push_disable session is not defined in this function, trying to access it leads to an error. The correct reference seems to be 'origin'. (This may have come about by copying from the similar code in process_stanza_queue.)
author arcseconds
date Sat, 30 Jul 2022 21:07:47 +1200
parents 5073bbd86970
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
3728
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
1 TLS 1.0 and TLS 1.1 are about to be obsolete. This module warns clients
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
2 if they are using those versions, to prepare for disabling them.
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
3
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
4 # Configuration
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
5
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
6 ``` {.lua}
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
7 modules_enabled = {
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
8 -- other modules etc
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
9 "warn_legacy_tls";
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
10 }
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
11
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
12 -- This is the default, you can leave it out if you don't wish to
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
13 -- customise or translate the message sent.
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
14 -- '%s' will be replaced with the TLS version in use.
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
15 legacy_tls_warning = [[
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
16 Your connection is encrypted using the %s protocol, which has been demonstrated to be insecure and will be disabled soon. Please upgrade your client.
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
17 ]]
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
18 ```
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
19
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
20 ## Options
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
21
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
22 `legacy_tls_warning`
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
23 : A string. The text of the message sent to clients that use outdated
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
24 TLS versions. Default as in the above example.
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
25
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
26 `legacy_tls_versions`
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
27 : Set of TLS versions, defaults to
5073bbd86970 mod_warn_legacy_tls: Add a README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
28 `{ "SSLv3", "TLSv1", "TLSv1.1" }`{.lua}, i.e. TLS \< 1.2.