commit 916dce0d89af6de47dab861be89e5a043ef8f27a
Author: selfhoster1312 <selfhoster1312@kl.netlib.re>
Date: Fri Dec 12 11:58:36 2025 +0000
diff --git a/bridge/xmpp/xmpp.go b/bridge/xmpp/xmpp.go
index 3e0c800..a15b53f 100644
--- a/bridge/xmpp/xmpp.go
+++ b/bridge/xmpp/xmpp.go
@@ -1656 +16511 @@ func (b *Bxmpp) postSlackCompatibleWebhook(msg config.Message) error {
}
func (b *Bxmpp) createXMPP() error {
+ // TODO: remove in release after first community fork release (N+2)
+ if b.GetBool("NoTLS") {
+ b.Log.Fatalf("NoTLS setting has been deprecated. If you'd like to disable StartTLS and start a plaintext connection, use NoStartTLS instead.")
+ }
+
var serverName string
switch {
case !b.GetBool("Anonymous"):
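Review bot: The deprecation guard at the top of `createXMPP` calls `b.Log.Fatalf`, although the function returns `error`. If `b.Log` is a logrus-style logger, that call exits the whole process from inside one bridge's connection setup, skipping deferred cleanup and any other configured bridges. Refusing to connect with a legacy `NoTLS` config is the right fail-closed choice, but it would be cleaner expressed as `return errors.New("NoTLS setting has been deprecated; use NoStartTLS to disable StartTLS and connect in plaintext")`, assuming `errors` is imported, which the hunk does not show. The caller's error handling is outside the hunk, so please confirm it does not retry in a loop on this error.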
@@ -18715 +19215 @@ func (b *Bxmpp) createXMPP() error {
Host: b.GetString("Server"),
User: b.GetString("Jid"),
Password: b.GetString("Password"),
- NoTLS: true,
- StartTLS: !b.GetBool("NoTLS"),
+ NoTLS: !b.GetBool("UseDirectTLS"),
+ StartTLS: !b.GetBool("NoStartTLS"),
TLSConfig: tc,
Debug: b.GetBool("debug"),
Session: true,
Status: "",
StatusMessage: "",
Resource: "",
- InsecureAllowUnencryptedAuth: b.GetBool("NoTLS"),
+ InsecureAllowUnencryptedAuth: !b.GetBool("UseDirectTLS") && b.GetBool("NoStartTLS"),
DebugWriter: b.Log.Writer(),
Mechanism: b.GetString("Mechanism"),
}
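Review bot: When `UseDirectTLS` is unset and `NoStartTLS` is set, `InsecureAllowUnencryptedAuth` becomes true with no log output, so the `Password` in this same options literal would be sent over an unencrypted connection without any operator-visible trace. I would add a warning before the literal, e.g. `if !b.GetBool("UseDirectTLS") && b.GetBool("NoStartTLS") { b.Log.Warn("xmpp: plaintext connection requested, credentials will be sent unencrypted") }`. Separately, with `UseDirectTLS=true` and `NoStartTLS` left unset, `StartTLS` stays true on a connection that is already TLS. Whether the client library ignores that is not visible here, so `StartTLS: !b.GetBool("UseDirectTLS") && !b.GetBool("NoStartTLS")` would make the intent explicit. The docs and changelog in this commit also spell the keys `UseDirectTls`/`NoStartTls` while the code reads `UseDirectTLS`/`NoStartTLS`; if key lookup is case-sensitive, a user copying the docs spelling would silently get the defaults. The options literal begins outside the hunk.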
diff --git a/changelog.md b/changelog.md
index cf20080..5ad7ba9 100644
--- a/changelog.md
+++ b/changelog.md
@@ -136 +137 @@
- whatsapp backend has been deprecated in favor of whatsappmulti. See [issue #32](https://github.com/matterbridge-org/matterbridge/issues/32)
- xmpp: Initial replies/edits support has been removed, because it was incorrect ([#12](https://github.com/matterbridge-org/matterbridge/pull/12))
+- xmpp: `NoTls` setting has been deprecated; to disable `StartTls` and start a plaintext connection, use `NoStartTls`
- Go required version is now v1.24
## New Features
@@ -256 +268 @@
- Add new Mastodon bridge ([#14](https://github.com/matterbridge-org/matterbridge/pull/14)/[#16](https://github.com/matterbridge-org/matterbridge/pull/16), thanks @lil5)
- Supports public messages and private messages
- Supports attachments
+- xmpp
+ - New and revised advanced authentication settings `UseDirectTLS`, `NoStartTls`, and `Mechanism` ([#77](https://github.com/matterbridge-org/matterbridge/pull/77))
## Bugfixes
diff --git a/docs/protocols/xmpp/settings.md b/docs/protocols/xmpp/settings.md
index f62731a..6b6b3a3 100644
--- a/docs/protocols/xmpp/settings.md
+++ b/docs/protocols/xmpp/settings.md
@@ -4810 +4811 @@ Your nick in the rooms
Nick="xmppbot"
```
-## NoTLS
+## NoTLS (DEPRECATED)
-Enable this to make an insecure plaintext connection to your xmpp server.
-This is usually not permitted by XMPP servers even on localhost.
+> [!WARNING]
+> This setting has been deprecated. matterbridge will refuse to start if you are using it.
+> You should use the new `UseDirectTls` and `NoStartTls` settings instead.
- Setting: **OPTIONAL**
- Format: *boolean*
@@ -606 +6133 @@ This is usually not permitted by XMPP servers even on localhost.
NoTLS=true
```
+## UseDirectTLS
+
+Enables direct TLS connection to your server. Most servers by default only support StartTLS,
+so this option should only be enabled if you know what you are doing. When `UseDirectTLS` is
+not set, and `NoStartTls` is enabled, a plaintext connection is established, which
+should only be used in a local testing environment.
+
+- Setting: **OPTIONAL**
+- Format: *boolean*
+- Example:
+ ```toml
+ UseDirectTLS=true
+ ```
+
+## NoStartTLS
+
+Disable StartTLS connection to your server. If you'd like to use direct TLS, enable
+the `UseDirectTLS` setting. Otherwise, a plaintext connection is established, which
+should only be used in a local testing environment.
+
+- Setting: **OPTIONAL**
+- Format: *boolean*
+- Example:
+ ```toml
+ NoStartTLS=true
+ ```
+
## Password
Password for the Jid's account.