mod_tls: Attempt STARTTLS on outgoing unencrypted legacy s2s connections

As suggested by RFC 7590
2025-04-04 05:37:39 +03:00 · 2021-09-01 19:05:24 +02:00 · 2021-09-01 19:05:24 +02:00 · e3c0a877bf
commit e3c0a877bf
parent c6adacaaad
1 changed files with 8 additions and 0 deletions
--- a/plugins/mod_tls.lua
+++ b/plugins/mod_tls.lua
@ -165,6 +165,14 @@ module:hook_tag("http://etherx.jabber.org/streams", "features", function (sessio
 	end
 end, 500);

+module:hook("s2sout-authenticate-legacy", function(event)
+	local session = event.origin;
+	if s2s_require_encryption and can_do_tls(session) then
+		session.sends2s(starttls_initiate);
+		return true;
+	end
+end, 200);
+
 module:hook_tag(xmlns_starttls, "proceed", function (session, stanza) -- luacheck: ignore 212/stanza
 	if session.type == "s2sout_unauthed" and can_do_tls(session) then
 		module:log("debug", "Proceeding with TLS on s2sout...");