3732
|
1 |
TLS 1.0 and TLS 1.1 are about to be obsolete. This module warns clients |
|
2 |
if they are using those versions, to prepare for disabling them. |
|
3 |
|
|
4 |
# Configuration |
|
5 |
|
|
6 |
``` {.lua} |
|
7 |
modules_enabled = { |
|
8 |
-- other modules etc |
|
9 |
"warn_legacy_tls"; |
|
10 |
} |
|
11 |
|
|
12 |
-- This is the default, you can leave it out if you don't wish to |
|
13 |
-- customise or translate the message sent. |
|
14 |
-- '%s' will be replaced with the TLS version in use. |
|
15 |
legacy_tls_warning = [[ |
|
16 |
Your connection is encrypted using the %s protocol, which has been demonstrated to be insecure and will be disabled soon. Please upgrade your client. |
|
17 |
]] |
|
18 |
``` |
|
19 |
|
|
20 |
## Options |
|
21 |
|
|
22 |
`legacy_tls_warning` |
|
23 |
: A string. The text of the message sent to clients that use outdated |
|
24 |
TLS versions. Default as in the above example. |
|
25 |
|
|
26 |
`legacy_tls_versions` |
|
27 |
: Set of TLS versions, defaults to |
|
28 |
`{ "SSLv3", "TLSv1", "TLSv1.1" }`{.lua}, i.e. TLS \< 1.2. |