Comparison

core/certmanager.lua @ 5745:a1b0cfebeeba

certmanager: Set our own default cipher string, which includes only ciphers regarded as 'HIGH' strength (by OpenSSL). In particular this disables RC4.
author Matthew Wild <mwild1@gmail.com>
date Sat, 13 Jul 2013 13:15:24 +0100
parent 5678:b7ebeae14053
child 5746:3137751751b4
child 5815:b93d096607b4
comparison
equal deleted inserted replaced
5736:72a1f769c36f 5745:a1b0cfebeeba
66 verify = user_ssl_config.verify or default_verify; 66 verify = user_ssl_config.verify or default_verify;
67 verifyext = user_ssl_config.verifyext or default_verifyext; 67 verifyext = user_ssl_config.verifyext or default_verifyext;
68 options = user_ssl_config.options or default_options; 68 options = user_ssl_config.options or default_options;
69 depth = user_ssl_config.depth; 69 depth = user_ssl_config.depth;
70 curve = user_ssl_config.curve or "secp384r1"; 70 curve = user_ssl_config.curve or "secp384r1";
71 ciphers = user_ssl_config.ciphers or "HIGH:!DSS:!aNULL@STRENGTH";
71 dhparam = user_ssl_config.dhparam; 72 dhparam = user_ssl_config.dhparam;
72 }; 73 };
73 74
74 local ctx, err = ssl_newcontext(ssl_config); 75 local ctx, err = ssl_newcontext(ssl_config);
75 76