Software /
code /
prosody
Comparison
core/certmanager.lua @ 5745:a1b0cfebeeba
certmanager: Set our own default cipher string, which includes only ciphers regarded as 'HIGH' strength (by OpenSSL). In particular this disables RC4.
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Sat, 13 Jul 2013 13:15:24 +0100 |
parent | 5678:b7ebeae14053 |
child | 5746:3137751751b4 |
child | 5815:b93d096607b4 |
comparison
equal
deleted
inserted
replaced
5736:72a1f769c36f | 5745:a1b0cfebeeba |
---|---|
66 verify = user_ssl_config.verify or default_verify; | 66 verify = user_ssl_config.verify or default_verify; |
67 verifyext = user_ssl_config.verifyext or default_verifyext; | 67 verifyext = user_ssl_config.verifyext or default_verifyext; |
68 options = user_ssl_config.options or default_options; | 68 options = user_ssl_config.options or default_options; |
69 depth = user_ssl_config.depth; | 69 depth = user_ssl_config.depth; |
70 curve = user_ssl_config.curve or "secp384r1"; | 70 curve = user_ssl_config.curve or "secp384r1"; |
71 ciphers = user_ssl_config.ciphers or "HIGH:!DSS:!aNULL@STRENGTH"; | |
71 dhparam = user_ssl_config.dhparam; | 72 dhparam = user_ssl_config.dhparam; |
72 }; | 73 }; |
73 | 74 |
74 local ctx, err = ssl_newcontext(ssl_config); | 75 local ctx, err = ssl_newcontext(ssl_config); |
75 | 76 |