[mod_s2s_never_encrypt_blacklist] blacklisted s2s connections fail with s2s_require_encryption enabled

Question

[mod_s2s_never_encrypt_blacklist] blacklisted s2s connections fail with s2s_require_encryption enabled

Opened this issue 10 years ago · 1 comments

GoogleCodeExporter commented 10 years ago

Aparrently, the tls_s2s_blacklist option has no effect when 
s2s_require_encryption is also enabled, in this case, TLS connections are tried 
nevertheless and the s2s connections fails. It would be nice to have the 
ability to enforce encryption to all servers except a few blacklisted ones.

I tried this with prosody 0.9.3 from the prosody repository on Debian wheezy, 
and had troubles connecting to gmx.de. Attached is an excerpt of my debug log.

Original issue reported on code.google.com by goo...@rohieb.name on 26 Mar 2014 at 2:17

Attachments:

log

Answer 1 · 2015-03-15T03:44:56.000Z

Okay, I had a quick look through the code, a possible approach to implement 
this could be to set event.session.secure to true, otherwise we would have to 
patch mod_s2s somehow as it does explicitly check for this and closes the 
connection otherwise if encryption is also required.

Original comment by goo...@rohieb.name on 26 Mar 2014 at 2:37