Software / code / prosody
Annotate
util/hmac.lua @ 10721:3a1b1d3084fb 0.11
core.certmanager: Move EECDH ciphers before EDH in default cipherstring (fixes #1513)
Backport of 94e341dee51c
The original intent of having kEDH before kEECDH was that if a `dhparam`
file was specified, this would be interpreted as a preference by the
admin for old and well-tested Diffie-Hellman key agreement over newer
elliptic curve ones. Otherwise the faster elliptic curve ciphersuites
would be preferred. This didn't really work as intended since this
affects the ClientHello on outgoing s2s connections, leading to some
servers using poorly configured kEDH.
With Debian shipping OpenSSL settings that enforce a higher security
level, this caused interoperability problems with servers that use DH
params smaller than 2048 bits. E.g. jabber.org at the time of this
writing has 1024 bit DH params.
MattJ says
> Curves have won, and OpenSSL is less weird about them now
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sun, 25 Aug 2019 20:22:35 +0200 |
| parent | 5776:bd0ff8ae98a8 |
| child | 9958:d879f2253c2d |
| rev | line source |
|---|---|
|
1522
569d58d21612
Add copyright header to those files missing one
Matthew Wild <mwild1@gmail.com>
parents:
1516
diff
changeset
|
1 -- Prosody IM |
|
2923
b7049746bd29
Update copyright headers for 2010
Matthew Wild <mwild1@gmail.com>
parents:
1522
diff
changeset
|
2 -- Copyright (C) 2008-2010 Matthew Wild |
|
b7049746bd29
Update copyright headers for 2010
Matthew Wild <mwild1@gmail.com>
parents:
1522
diff
changeset
|
3 -- Copyright (C) 2008-2010 Waqas Hussain |
|
5776
bd0ff8ae98a8
Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
5537
diff
changeset
|
4 -- |
|
1522
569d58d21612
Add copyright header to those files missing one
Matthew Wild <mwild1@gmail.com>
parents:
1516
diff
changeset
|
5 -- This project is MIT/X11 licensed. Please see the |
|
569d58d21612
Add copyright header to those files missing one
Matthew Wild <mwild1@gmail.com>
parents:
1516
diff
changeset
|
6 -- COPYING file in the source package for more information. |
|
569d58d21612
Add copyright header to those files missing one
Matthew Wild <mwild1@gmail.com>
parents:
1516
diff
changeset
|
7 -- |
|
569d58d21612
Add copyright header to those files missing one
Matthew Wild <mwild1@gmail.com>
parents:
1516
diff
changeset
|
8 |
|
5537
15464633d8fb
util.hmac, util.hashes: Implement HMAC functions in C, and move to util.hashes
Florian Zeitz <florob@babelmonkeys.de>
parents:
3540
diff
changeset
|
9 -- COMPAT: Only for external pre-0.9 modules |
|
15464633d8fb
util.hmac, util.hashes: Implement HMAC functions in C, and move to util.hashes
Florian Zeitz <florob@babelmonkeys.de>
parents:
3540
diff
changeset
|
10 |
| 1456 | 11 local hashes = require "util.hashes" |
| 12 | |
|
5537
15464633d8fb
util.hmac, util.hashes: Implement HMAC functions in C, and move to util.hashes
Florian Zeitz <florob@babelmonkeys.de>
parents:
3540
diff
changeset
|
13 return { md5 = hashes.hmac_md5, |
|
15464633d8fb
util.hmac, util.hashes: Implement HMAC functions in C, and move to util.hashes
Florian Zeitz <florob@babelmonkeys.de>
parents:
3540
diff
changeset
|
14 sha1 = hashes.hmac_sha1, |
|
15464633d8fb
util.hmac, util.hashes: Implement HMAC functions in C, and move to util.hashes
Florian Zeitz <florob@babelmonkeys.de>
parents:
3540
diff
changeset
|
15 sha256 = hashes.hmac_sha256 }; |
