prosody
653a48b5a25b
core/certmanager.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Comparison

core/certmanager.lua @ 12150:653a48b5a25b

core.certmanager: Disable DANE name checks (not needed for XMPP) Pending https://github.com/brunoos/luasec/pull/179 Should not be done globally, but rather only for s2sout, but that would have to be in mod_tls then.
author Kim Alvefur <zash@zash.se>
date Thu, 16 Sep 2021 09:52:51 +0200
parent 12120:0fcd80a55f15
child 12196:b05e0b422ff7
comparison
equal deleted inserted replaced
12149:bbbf0dd90b6d 12150:653a48b5a25b
249 "!PSK", -- Pre-Shared Key - not used for XMPP 249 "!PSK", -- Pre-Shared Key - not used for XMPP
250 "!SRP", -- Secure Remote Password - not used for XMPP 250 "!SRP", -- Secure Remote Password - not used for XMPP
251 "!3DES", -- 3DES - slow and of questionable security 251 "!3DES", -- 3DES - slow and of questionable security
252 "!aNULL", -- Ciphers that does not authenticate the connection 252 "!aNULL", -- Ciphers that does not authenticate the connection
253 }; 253 };
254 dane = configmanager.get("*", "use_dane"); 254 dane = luasec_has.capabilities.dane and configmanager.get("*", "use_dane") and { "no_ee_namechecks" };
255 } 255 }
256 256
257 local mozilla_ssl_configs = { 257 local mozilla_ssl_configs = {
258 -- https://wiki.mozilla.org/Security/Server_Side_TLS 258 -- https://wiki.mozilla.org/Security/Server_Side_TLS
259 -- Version 5.6 as of 2021-12-26 259 -- Version 5.6 as of 2021-12-26