1 

     2 assert(require"ssl.core".info, "Incompatible LuaSec version");

     3 

     4 local function hook(event_name, typ, policy)

     5 	if not policy then return end

     6 	if policy == "FS" then

     7 		policy = { key = "DH$" };

     8 	elseif type(policy) == "string" then

     9 		policy = { cipher = policy };

    10 	end

    11 

    12 	module:hook(event_name, function (event)

    13 		local origin = event.origin;

    14 		if origin.encrypted then

    15 			local info = origin.conn:socket():info();

    16 			for key, what in pairs(policy) do

    17 				module:log("debug", "Does info[%q] = %s match %s ?", key, tostring(info[key]), tostring(what));

    18 				if (type(what) == "number" and what < info[key] ) or (type(what) == "string" and not what:match(info[key])) then

    19 					origin:close({ condition = "policy-violation", text = "Cipher not acceptable" });

    20 					return false;

    21 				end

    22 				module:log("debug", "Seems so");

    23 			end

    24 			module:log("debug", "Policy matches");

    25 		end

    26 	end, 1000);

    27 end

    28 

    29 local policy = module:get_option(module.name, {});

    30 

    31 if type(policy) == "string" then

    32 	policy = { c2s = policy, s2s = policy };

    33 end

    34 

    35 hook("stream-features", "c2s", policy.c2s);

    36 hook("s2s-stream-features", "s2sin", policy.s2sin or policy.s2s);

    37 hook("stanza/http://etherx.jabber.org/streams:features", "s2sout", policy.s2sout or policy.s2s);