Mercurial > prosody-modules

view mod_s2s_never_encrypt_blacklist/README.markdown @ 5160:8474a3b80200

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_firewall: Fix 'is_admin' internal dependency rule #1797 (thanks diane) Looks like the boolean logic was inverted here. Instead, for now, simply check if is_admin is there. It is deprecated in trunk and was briefly removed before being brought back with a 'deprecated' warning as part of the new roles and permissions work. Making this dependency conditioned on the existence of the underlying function should make it work until it actually goes away for real.
author Kim Alvefur <zash@zash.se>
date Fri, 27 Jan 2023 23:06:25 +0100
parents 4d73a1a6ba68
children
line wrap: on
line source

---
labels:
- 'Stage-Beta'
summary: |
    Stops prosody from including starttls into available features for
    specified remote servers.
...

Details
-------

Let's you stop Prosody from sending \<starttls
xmlns='urn:ietf:params:xml:ns:xmpp-tls'\> feature to choppy/buggy
servers which therefore would fail to re-negotiate and use a secure
stream. (e.g. [OpenFire
3.7.0](http://issues.igniterealtime.org/browse/OF-405))

Usage
-----

Copy the plugin into your prosody's modules directory.

And add it between your enabled modules into the global section
(modules\_enabled).

Then list each host as follow:

    tls_s2s_blacklist = { "host1.tld", "host2.tld", "host3.tld" }

In the unfortunate case of OpenFire... you can add the Server's ip
address directly as it may not send proper rfc6121 requests.

    tls_s2s_blacklist_ip = { "a.a.a.a", "b.b.b.b", "c.c.c.c" }

Compatibility
-------------

It's supposed to work with 0.7-0.8.x