# HG changeset patch
# User Kim Alvefur
# Date 1572782599 -3600
# Node ID 36023eb3254ee62984a73c2a829e09a10388420c
# Parent 362c45f6770413110c252af601c1ecf1101a170d
mod_warn_legacy_tls: Adapt to warn about TLS < 1.2
diff -r 362c45f67704 -r 36023eb3254e mod_warn_legacy_tls/mod_warn_legacy_tls.lua
--- a/mod_warn_legacy_tls/mod_warn_legacy_tls.lua Sun Nov 03 12:56:25 2019 +0100
+++ b/mod_warn_legacy_tls/mod_warn_legacy_tls.lua Sun Nov 03 13:03:19 2019 +0100
@@ -1,7 +1,8 @@
 local st = require"util.stanza";
 local host = module.host;
-local warning_message = module:get_option_string("sslv3_warning", "Your connection is encrypted using the SSL 3.0 protocol, which has been demonstrated to be insecure and will be disabled soon. Please upgrade your client.");
+local deprecated_protocols = module:get_option_set("legacy_tls_versions", { "SSLv3", "TLSv1", "TLSv1.1" });
+local warning_message = module:get_option_string("legacy_tls_warning", "Your connection is encrypted using the %s protocol, which has known problems and will be disabled soon. Please upgrade your client.");
 module:hook("resource-bind", function (event)
 local session = event.session;
@@ -11,11 +12,11 @@
 return session.conn:socket():info"protocol";
 end, session);
 if not ok then
- module:log("debug", protocol);
- elseif protocol == "SSLv3" then
+ module:log("debug", "Could not determine TLS version: %s", protocol);
+ elseif deprecated_protocols:contains(protocol) then
 module:add_timer(15, function ()
 if session.type == "c2s" and session.resource then
- session.send(st.message({ from = host, type = "headline", to = session.full_jid }, warning_message));
+ session.send(st.message({ from = host, type = "headline", to = session.full_jid }, warning_message:format(protocol)));
 end
 end);
 end
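Review bot: The `sslv3_warning` option is no longer read in the first hunk, so an operator who customised that message silently falls back to the new default after upgrading. Reading the old key as the fallback keeps it working, e.g. `module:get_option_string("legacy_tls_warning", module:get_option_string("sslv3_warning", "<default text>"))`; an old message without `%s` still formats cleanly because extra arguments are ignored. The default `legacy_tls_versions` set is also an exact-match deny-list, so any protocol string that is not spelled exactly as one of the three entries produces no warning. A comment above it saying that the entries must match the strings returned by `info"protocol"` would help whoever edits the list.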
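Review bot: In the second hunk, `warning_message:format(protocol)` treats the operator-supplied `legacy_tls_warning` text as a `string.format` template. A configured message containing a bare `%` (for example "100% insecure") or a non-string conversion will raise inside the timer callback, and the client on the legacy protocol then never receives the warning. Formatting once under `pcall` and falling back to the raw text avoids that, e.g. `local ok, text = pcall(string.format, warning_message, protocol); if not ok then text = warning_message; end`. The option's documentation should state that `%s` is replaced by the protocol name and that a literal percent sign is written `%%`. The hook callback starts in the first hunk and the `pcall` that sets `ok` and `protocol` begins outside this hunk, so how a nil `protocol` reaches `contains` cannot be checked from here.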