view mod_disable_tls/README.markdown @ 5390:f2363e6d9a64

mod_http_oauth2: Advertise the currently supported id_token signing algorithm This field is REQUIRED. The algorithm RS256 MUST be included, but isn't because we don't implement it, as that would require implementing a pile of additional cryptography and JWT stuff. Instead the id_token is signed using the client secret, which allows verification by the client, since it's a shared secret per OpenID Connect Core 1.0 ยง 10.1 under Symmetric Signatures. OpenID Connect Discovery 1.0 has a lot of REQUIRED and MUST clauses that are not supported here, but that's okay because this is served from the RFC 8414 OAuth 2.0 Authorization Server Metadata .well-known endpoint!
author Kim Alvefur <zash@zash.se>
date Sun, 30 Apr 2023 16:13:40 +0200
parents 4d73a1a6ba68
children
line wrap: on
line source

---
labels:
- 'Stage-Beta'
summary: Disable TLS on certain client ports
...

Introduction
============

This module can be used to prevent Prosody from offering TLS on client
ports that you specify. This can be useful to work around buggy clients
when transport security is not required.

Configuration
=============

Load the module, and set `disable_tls_ports` to a list of ports:

        disable_tls_ports = { 5322 }

Don't forget to add any extra ports to c2s\_ports, so that Prosody is
actually listening for connections!

Compatibility
=============

  ----- -------
  0.9   Works
  ----- -------