2 -- Copyright (C) 2008-2009 Matthew Wild
3 -- Copyright (C) 2008-2009 Waqas Hussain
5 -- This project is MIT/X11 licensed. Please see the
6 -- COPYING file in the source package for more information.
11 local st = require "util.stanza";
13 local xmlns_starttls ='urn:ietf:params:xml:ns:xmpp-tls';
15 local config = require "core.configmanager";
16 local secure_auth_only = config.get("*", "core", "require_encryption");
18 module:add_handler("c2s_unauthed", "starttls", xmlns_starttls,
19 function (session, stanza)
20 if session.conn.starttls then
21 session.send(st.stanza("proceed", { xmlns = xmlns_starttls }));
22 session:reset_stream();
23 session.conn.starttls();
24 session.log("info", "TLS negotiation started...");
25 session.secure = false;
28 session.log("warn", "Attempt to start TLS, but TLS is not available on this connection");
32 local starttls_attr = { xmlns = xmlns_starttls };
33 module:add_event_hook("stream-features",
34 function (session, features)
35 if session.conn.starttls then
36 features:tag("starttls", starttls_attr);
37 if secure_auth_only then
38 features:tag("required"):up():up();