
core/certmanager.lua @ 13179:1b1ed555f307

Merge 0.12->trunk
author Kim Alvefur <zash@zash.se>
date Mon, 10 Jul 2023 00:34:37 +0200
parent 13116:58e793288d9c
parent 13178:e689d4c45681
13176:0d1cd3185299 13179:1b1ed555f307
213 dane = tls.features.capabilities.dane and configmanager.get("*", "use_dane") and { "no_ee_namechecks" }; 213 dane = tls.features.capabilities.dane and configmanager.get("*", "use_dane") and { "no_ee_namechecks" };
214 } 214 }
215 215
216 local mozilla_ssl_configs = { 216 local mozilla_ssl_configs = {
217 -- https://wiki.mozilla.org/Security/Server_Side_TLS 217 -- https://wiki.mozilla.org/Security/Server_Side_TLS
218 -- Version 5.6 as of 2021-12-26 218 -- Version 5.7 as of 2023-07-09
219 modern = { 219 modern = {
220 protocol = "tlsv1_3"; 220 protocol = "tlsv1_3";
221 options = { cipher_server_preference = false }; 221 options = { cipher_server_preference = false };
222 ciphers = "DEFAULT"; -- TLS 1.3 uses 'ciphersuites' rather than these 222 ciphers = "DEFAULT"; -- TLS 1.3 uses 'ciphersuites' rather than these
223 curveslist = { "X25519"; "prime256v1"; "secp384r1" }; 223 curveslist = { "X25519"; "prime256v1"; "secp384r1" };
234 "ECDHE-RSA-AES256-GCM-SHA384"; 234 "ECDHE-RSA-AES256-GCM-SHA384";
235 "ECDHE-ECDSA-CHACHA20-POLY1305"; 235 "ECDHE-ECDSA-CHACHA20-POLY1305";
236 "ECDHE-RSA-CHACHA20-POLY1305"; 236 "ECDHE-RSA-CHACHA20-POLY1305";
237 "DHE-RSA-AES128-GCM-SHA256"; 237 "DHE-RSA-AES128-GCM-SHA256";
238 "DHE-RSA-AES256-GCM-SHA384"; 238 "DHE-RSA-AES256-GCM-SHA384";
239 "DHE-RSA-CHACHA20-POLY1305";
239 }; 240 };
240 curveslist = { "X25519"; "prime256v1"; "secp384r1" }; 241 curveslist = { "X25519"; "prime256v1"; "secp384r1" };
241 ciphersuites = { "TLS_AES_128_GCM_SHA256"; "TLS_AES_256_GCM_SHA384"; "TLS_CHACHA20_POLY1305_SHA256" }; 242 ciphersuites = { "TLS_AES_128_GCM_SHA256"; "TLS_AES_256_GCM_SHA384"; "TLS_CHACHA20_POLY1305_SHA256" };
242 }; 243 };
243 old = { 244 old = {
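Review bot: The added `"DHE-RSA-CHACHA20-POLY1305"` entry (new line 239) is a finite-field DHE suite, so like the two `DHE-RSA-*-GCM-*` entries above it, its strength depends on the DH group the server offers, and nothing in the visible lines shows which `dhparam` this profile uses. Mozilla's intermediate profile pairs these suites with ffdhe2048. The lines between 223 and 234 are not shown, so confirm there that the profile pins a group of at least 2048 bits. If the choice is left to the operator, say so next to the list, for example `-- DHE suites rely on dhparam; Mozilla recommends ffdhe2048 (RFC 7919)`. The table holding this cipher list starts outside the shown context.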