# HG changeset patch
# User Matthew Wild <mwild1@gmail.com>
# Date 1269470099 0
# Node ID e68ff49fa79be9db69588781c896319d8adc94f8
# Parent  de4daf300f19096a46a32f7c23c78aa7814451c9# Parent  d2816fb6c7eaecbf4d03554ff376f42f79a3d770
Merge 0.6->0.7

diff -r de4daf300f19 -r e68ff49fa79b plugins/mod_tls.lua
--- a/plugins/mod_tls.lua	Tue Mar 23 20:55:28 2010 +0500
+++ b/plugins/mod_tls.lua	Wed Mar 24 22:34:59 2010 +0000
@@ -10,6 +10,7 @@
 
 local secure_auth_only = module:get_option("c2s_require_encryption") or module:get_option("require_encryption");
 local secure_s2s_only = module:get_option("s2s_require_encryption");
+local allow_s2s_tls = module:get_option("s2s_allow_encryption") ~= false;
 
 local xmlns_starttls = 'urn:ietf:params:xml:ns:xmpp-tls';
 local starttls_attr = { xmlns = xmlns_starttls };
@@ -27,9 +28,9 @@
 local function can_do_tls(session)
 	if session.type == "c2s_unauthed" then
 		return session.conn.starttls and host.ssl_ctx_in;
-	elseif session.type == "s2sin_unauthed" then
+	elseif session.type == "s2sin_unauthed" and allow_s2s_tls then
 		return session.conn.starttls and host.ssl_ctx_in;
-	elseif session.direction == "outgoing" then
+	elseif session.direction == "outgoing" and allow_s2s_tls then
 		return session.conn.starttls and host.ssl_ctx;
 	end
 	return false;