+local host = hosts[module.host];
+
+local function can_do_tls(session)
+ if session.type == "c2s_unauthed" then
+ return session.conn.starttls and host.ssl_ctx_in;
+ elseif session.type == "s2sin_unauthed" and allow_s2s_tls then
+ return session.conn.starttls and host.ssl_ctx_in;
+ elseif session.direction == "outgoing" and allow_s2s_tls then
+ return session.conn.starttls and host.ssl_ctx;
+ end
+ return false;
+end
+