Disable the TLS welcome notice by default.

This is just needless spam for the vast majority of users.
2025-03-09 10:39:02 -04:00 · 2023-11-23 15:42:20 +00:00 · 2023-11-23 15:42:20 +00:00 · ec0dd57538
commit ec0dd57538
parent 86facc6929
2 changed files with 20 additions and 10 deletions
--- a/docs/conf/modules.conf.example
+++ b/docs/conf/modules.conf.example
@ -2457,13 +2457,18 @@
 #                 that can be left on a user's TLS client certificate #
 #                 before users are warned about the imminent expiry.  #
 #                                                                     #
+#  welcomemsg   - Whether to send a welcome message to users that are #
+#                 connecting using TLS containing their server name,  #
+#                 ciphersuite and client fingerprint. Defaults to no. #
+#                                                                     #
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 #
 #<sslinfo hash="sha-256"
 #         localsecure="yes"
 #         operonly="no"
 #         spkifp="no"
-#         warnexpiring="1w">
+#         warnexpiring="1w"
+#         welcomemsg="no">

 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # mbedTLS TLS module: Adds support for TLS connections using mbedTLS.
--- a/src/modules/m_sslinfo.cpp
+++ b/src/modules/m_sslinfo.cpp
@ -309,6 +309,7 @@ private:
 	std::string hash;
 	bool spkifp;
 	unsigned long warnexpiring;
+	bool welcomemsg;

 	static bool MatchFP(ssl_cert* const cert, const std::string& fp)
 	{
@ -333,6 +334,7 @@ public:
 		hash = tag->getString("hash");
 		spkifp = tag->getBool("spkifp");
 		warnexpiring = tag->getDuration("warnexpiring", 0, 0, 60*60*24*365);
+		welcomemsg = tag->getBool("welcomemsg");
 	}

 	void OnWhois(Whois::Context& whois) override
@ -400,15 +402,18 @@ public:

 		ssl_cert* const cert = ssliohook->GetCertificate();

-		std::string text = "*** You are connected to ";
-		if (!ssliohook->GetServerName(text))
-			text.append(ServerInstance->Config->GetServerName());
-		text.append(" using TLS cipher '");
-		ssliohook->GetCiphersuite(text);
-		text.push_back('\'');
-		if (cert && !cert->GetFingerprint().empty())
-			text.append(" and your TLS client certificate fingerprint is ").append(cert->GetFingerprint());
-		user->WriteNotice(text);
+		if (welcomemsg)
+		{
+			std::string text = "*** You are connected to ";
+			if (!ssliohook->GetServerName(text))
+				text.append(ServerInstance->Config->GetServerName());
+			text.append(" using TLS cipher '");
+			ssliohook->GetCiphersuite(text);
+			text.push_back('\'');
+			if (cert && !cert->GetFingerprint().empty())
+				text.append(" and your TLS client certificate fingerprint is ").append(cert->GetFingerprint());
+			user->WriteNotice(text);
+		}

 		if (!cert || !warnexpiring || !cert->GetExpirationTime())
 			return;