#595 mod_register allows account creation before TLS
Reporter
Zash
Owner
Zash
Created
Updated
Stars
(0)
Tags
Milestone-0.9
Priority-Medium
Type-Defect
Status-Fixed
Security
Zash
on
With registration enabled and allowed but c2s_require_encryption = true IBR will succeed on unencrypted connections.
It should probably respect c2s_require_encryption.
Seems to affect all current versions.
With registration enabled and allowed but c2s_require_encryption = true IBR will succeed on unencrypted connections. It should probably respect c2s_require_encryption. Seems to affect all current versions.
Fixed in https://hg.prosody.im/0.9/rev/72b6d5ab4137
ChangesHidden