prosody
54424e981796
core/certmanager.lua
Software / code / prosody
Comparison
core/certmanager.lua @ 7663:54424e981796
core.certmanager: Split cipher list into array with comments explaining each part
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Mon, 12 Sep 2016 15:49:24 +0200 |
| parent | 7531:2db68d1a6eeb |
| child | 7743:d018ffc9238c |
comparison
equal
deleted
inserted
replaced
| 7662:946871f6e3c8 | 7663:54424e981796 |
|---|---|
| 101 single_dh_use = luasec_has.single_dh_use; | 101 single_dh_use = luasec_has.single_dh_use; |
| 102 single_ecdh_use = luasec_has.single_ecdh_use; | 102 single_ecdh_use = luasec_has.single_ecdh_use; |
| 103 }; | 103 }; |
| 104 verifyext = { "lsec_continue", "lsec_ignore_purpose" }; | 104 verifyext = { "lsec_continue", "lsec_ignore_purpose" }; |
| 105 curve = "secp384r1"; | 105 curve = "secp384r1"; |
| 106 ciphers = "HIGH+kEDH:HIGH+kEECDH:HIGH:!PSK:!SRP:!3DES:!aNULL"; | 106 ciphers = { -- Enabled ciphers in order of preference: |
| 107 "HIGH+kEDH", -- Ephemeral Diffie-Hellman key exchange, if a 'dhparam' file is set | |
| 108 "HIGH+kEECDH", -- Ephemeral Elliptic curve Diffie-Hellman key exchange | |
| 109 "HIGH", -- Other "High strength" ciphers | |
| 110 -- Disabled cipher suites: | |
| 111 "!PSK", -- Pre-Shared Key - not used for XMPP | |
| 112 "!SRP", -- Secure Remote Password - not used for XMPP | |
| 113 "!3DES", -- 3DES - slow and of questionable security | |
| 114 "!aNULL", -- Ciphers that does not authenticate the connection | |
| 115 }; | |
| 107 } | 116 } |
| 108 local path_options = { -- These we pass through resolve_path() | 117 local path_options = { -- These we pass through resolve_path() |
| 109 key = true, certificate = true, cafile = true, capath = true, dhparam = true | 118 key = true, certificate = true, cafile = true, capath = true, dhparam = true |
| 110 } | 119 } |
| 111 | 120 |
