mod_tls: Attempt STARTTLS on outgoing unencrypted legacy s2s connections
As suggested by RFC 7590
--- a/plugins/mod_tls.lua Sat Sep 04 14:39:31 2021 +0200
+++ b/plugins/mod_tls.lua Wed Sep 01 19:05:24 2021 +0200
@@ -165,6 +165,14 @@
end
end, 500);
+module:hook("s2sout-authenticate-legacy", function(event)
+ local session = event.origin;
+ if s2s_require_encryption and can_do_tls(session) then
+ session.sends2s(starttls_initiate);
+ return true;
+ end
+end, 200);
+
module:hook_tag(xmlns_starttls, "proceed", function (session, stanza) -- luacheck: ignore 212/stanza
if session.type == "s2sout_unauthed" and can_do_tls(session) then
module:log("debug", "Proceeding with TLS on s2sout...");
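Review bot: In the added `s2sout-authenticate-legacy` hook, when `s2s_require_encryption` is set but `can_do_tls(session)` returns false the handler returns nothing, so any lower-priority handler for that event presumably carries on over the plaintext stream; nothing in this hunk shows where the encryption requirement is enforced in that case. If it is enforced elsewhere, a comment above the hook should say so, e.g. `-- TLS not possible: fall through; s2s_require_encryption is enforced in <PLACEHOLDER: enforcing hook>`; otherwise this branch should refuse the connection rather than fall through. The STARTTLS attempt is also silent, unlike the `proceed` handler below it, so adding `module:log("debug", "Legacy s2sout peer sent no stream features, attempting STARTTLS anyway");` before `session.sends2s(starttls_initiate)` would make downgrade or interoperability failures with legacy peers traceable in the logs. The priority `200` would benefit from a short comment naming the handler it has to run before.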