Hi all! At the last summit in Brussels, at some point, the issue came up of how reporting errors from TLS cipher mismatches is kinda horrible. So the idea of allowing a more liberal set of ciphers but throwing a <stream:error> at the application level came up, and I wrote a proof-of-concept plugin for Prosody doing just this:

http://modules.prosody.im/mod_tls_policy.html

It will basically run a pattern match on the cipher string and, if it does not match, close the connection with:

    <stream:error>
      <policy-violation/>
      <text>TLS cipher 'RC4-MD5' not acceptable</text>
    </stream:error>

-- Kim "Zash" Alvefur
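The application-level check described above, as an added, self-contained Lua example (not the code of mod_tls_policy or Prosody). It assumes a LuaSec-style info table ({ cipher, protocol, bits }) as the input, goes slightly beyond the post by also checking protocol version and key bits, and XML-escapes the text it echoes back into the stream error.

```lua
-- Added example: application-level TLS policy check after a liberal handshake.
-- Assumed input shape (LuaSec conn:info()-like): { cipher = "...", protocol = "...", bits = N }.

-- Policy (hypothetical values): Lua patterns for cipher/protocol, minimum symmetric key bits.
local policy = {
  cipher   = "^ECDHE%-[%w%-]+%-AES%d+%-GCM%-SHA%d+$",
  protocol = "^TLSv1%.[23]$",
  bits     = 128,
}

-- Escape the few characters that matter inside XML character data.
local function xml_escape(s)
  return (s:gsub("[&<>]", { ["&"] = "&amp;", ["<"] = "&lt;", [">"] = "&gt;" }))
end

-- Build the RFC 6120 stream error the post shows, with proper namespaces.
local function policy_violation_error(text)
  return ("<stream:error>"
    .. "<policy-violation xmlns='urn:ietf:params:xml:ns:xmpp-streams'/>"
    .. "<text xmlns='urn:ietf:params:xml:ns:xmpp-streams'>%s</text>"
    .. "</stream:error>"):format(xml_escape(text))
end

-- Returns true when the negotiated parameters satisfy the policy,
-- otherwise false plus the human-readable reason to send back.
local function check_tls_policy(info, pol)
  if pol.cipher and not info.cipher:match(pol.cipher) then
    return false, ("TLS cipher '%s' not acceptable"):format(info.cipher)
  end
  if pol.protocol and not info.protocol:match(pol.protocol) then
    return false, ("TLS protocol '%s' not acceptable"):format(info.protocol)
  end
  if pol.bits and (info.bits or 0) < pol.bits then
    return false, ("TLS key size %d bits too small"):format(info.bits or 0)
  end
  return true
end

-- Constructed sample sessions: one legacy, one acceptable.
local sessions = {
  { cipher = "RC4-MD5",                     protocol = "TLSv1",   bits = 128 },
  { cipher = "ECDHE-RSA-AES128-GCM-SHA256", protocol = "TLSv1.2", bits = 128 },
}
for _, info in ipairs(sessions) do
  local ok, reason = check_tls_policy(info, policy)
  if ok then
    print("accept: " .. info.cipher)
  else
    print("close with: " .. policy_violation_error(reason))
  end
end
```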