mod_tls: Check that connection has starttls method first to prevent offering starttls over tls (thanks Remko and Tobias)
--- a/plugins/mod_tls.lua Thu Jan 26 14:18:30 2017 +0100
+++ b/plugins/mod_tls.lua Fri Jan 27 12:21:09 2017 +0100
@@ -62,10 +62,10 @@
end
local function can_do_tls(session)
- if session.ssl_ctx ~= nil then
+ if not session.conn.starttls then
+ return false;
+ elseif session.ssl_ctx ~= nil then
return session.ssl_ctx;
- elseif not session.conn.starttls then
- return false;
end
if session.type == "c2s_unauthed" then
session.ssl_ctx = ssl_ctx_c2s;
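Review bot: Nothing in `can_do_tls` records why the `session.conn.starttls` check must come before the cached `session.ssl_ctx` branch, so a later tidy-up could swap them back and STARTTLS would again be offered on a connection that is already encrypted. A comment above the first branch would pin the ordering, e.g. `-- Must stay first: a cached ssl_ctx does not mean this conn can still do STARTTLS (it may already be TLS)`. Also, `session.conn` is now dereferenced on every call, including the path that used to return the cached context without touching it. If any caller can reach this with `session.conn` unset, that path would now raise instead of returning; whether that can happen is not visible from this hunk. The function body continues past the end of the hunk.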