prosody
9586979058b8
core/certmanager.lua
Software / code / prosody
Comparison
core/certmanager.lua @ 5907:9586979058b8
certmanager: Update default cipher string to prefer forward-secrecy over cipher strength and to disable triple-DES (weaker and much slower than AES)
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Sun, 10 Nov 2013 18:46:48 +0000 |
| parent | 5902:c11c0761a682 |
| child | 5908:081a91507e4f |
| child | 5915:e6fed1d80116 |
comparison
equal
deleted
inserted
replaced
| 5906:071a7e461ae7 | 5907:9586979058b8 |
|---|---|
| 68 verify = user_ssl_config.verify or default_verify; | 68 verify = user_ssl_config.verify or default_verify; |
| 69 verifyext = user_ssl_config.verifyext or default_verifyext; | 69 verifyext = user_ssl_config.verifyext or default_verifyext; |
| 70 options = user_ssl_config.options or default_options; | 70 options = user_ssl_config.options or default_options; |
| 71 depth = user_ssl_config.depth; | 71 depth = user_ssl_config.depth; |
| 72 curve = user_ssl_config.curve or "secp384r1"; | 72 curve = user_ssl_config.curve or "secp384r1"; |
| 73 ciphers = user_ssl_config.ciphers or "HIGH:!DSS:!aNULL@STRENGTH"; | 73 ciphers = user_ssl_config.ciphers or "HIGH+kEDH:HIGH+kEECDH:HIGH+kRSA:!DSS:!3DES:!aNULL"; |
| 74 dhparam = user_ssl_config.dhparam; | 74 dhparam = user_ssl_config.dhparam; |
| 75 }; | 75 }; |
| 76 | 76 |
| 77 -- LuaSec expects dhparam to be a callback that takes two arguments. | 77 -- LuaSec expects dhparam to be a callback that takes two arguments. |
| 78 -- We ignore those because it is mostly used for having a separate | 78 -- We ignore those because it is mostly used for having a separate |
