prosody
0fcd80a55f15
core/certmanager.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Comparison

core/certmanager.lua @ 12120:0fcd80a55f15

core.certmanager: Add curveslist to 'old' Mozilla TLS preset Unsure if this was overlooked before or a recent addition. Reproduced the data from JSON file available. Would be nice to have a tool that does that.
author Kim Alvefur <zash@zash.se>
date Sun, 26 Dec 2021 00:05:16 +0100
parent 12105:47c9a76cce7d
child 12150:653a48b5a25b
comparison
equal deleted inserted replaced
12119:28f723cff236 12120:0fcd80a55f15
254 dane = configmanager.get("*", "use_dane"); 254 dane = configmanager.get("*", "use_dane");
255 } 255 }
256 256
257 local mozilla_ssl_configs = { 257 local mozilla_ssl_configs = {
258 -- https://wiki.mozilla.org/Security/Server_Side_TLS 258 -- https://wiki.mozilla.org/Security/Server_Side_TLS
259 -- As of 2021-11-03 259 -- Version 5.6 as of 2021-12-26
260 modern = { 260 modern = {
261 protocol = "tlsv1_3"; 261 protocol = "tlsv1_3";
262 options = { cipher_server_preference = false }; 262 options = { cipher_server_preference = false };
263 ciphers = "DEFAULT"; -- TLS 1.3 uses 'ciphersuites' rather than these 263 ciphers = "DEFAULT"; -- TLS 1.3 uses 'ciphersuites' rather than these
264 curveslist = { "X25519"; "prime256v1"; "secp384r1" }; 264 curveslist = { "X25519"; "prime256v1"; "secp384r1" };
311 "AES256-SHA256"; 311 "AES256-SHA256";
312 "AES128-SHA"; 312 "AES128-SHA";
313 "AES256-SHA"; 313 "AES256-SHA";
314 "DES-CBC3-SHA"; 314 "DES-CBC3-SHA";
315 }; 315 };
316 curveslist = { "X25519"; "prime256v1"; "secp384r1" };
316 ciphersuites = { "TLS_AES_128_GCM_SHA256"; "TLS_AES_256_GCM_SHA384"; "TLS_CHACHA20_POLY1305_SHA256" }; 317 ciphersuites = { "TLS_AES_128_GCM_SHA256"; "TLS_AES_256_GCM_SHA384"; "TLS_CHACHA20_POLY1305_SHA256" };
317 }; 318 };
318 }; 319 };
319 320
320 321