
core/certmanager.lua @ 11551:aaf9c6b6d18d 0.11

certmanager: Disable renegotiation by default

This requires LuaSec 0.7+ and OpenSSL 1.1.1+
author Matthew Wild <mwild1@gmail.com>
date Tue, 11 May 2021 14:14:15 +0100
parent 11549:5a484bd050a7
child 11560:3bbb1af92514
11550:929de6ade6b6 11551:aaf9c6b6d18d
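--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -53,10 +53,11 @@
 cipher_server_preference = test_option("cipher_server_preference");
 no_ticket = test_option("no_ticket");
 no_compression = test_option("no_compression");
 single_dh_use = test_option("single_dh_use");
 single_ecdh_use = test_option("single_ecdh_use");
+no_renegotiation = test_option("no_renegotiation");
 };
 };
 
 local _ENV = nil;
 -- luacheck: std none
@@ -117,10 +118,11 @@
 cipher_server_preference = luasec_has.options.cipher_server_preference;
 no_ticket = luasec_has.options.no_ticket;
 no_compression = luasec_has.options.no_compression and configmanager.get("*", "ssl_compression") ~= true;
 single_dh_use = luasec_has.options.single_dh_use;
 single_ecdh_use = luasec_has.options.single_ecdh_use;
+no_renegotiation = luasec_has.options.no_renegotiation;
 };
 verifyext = { "lsec_continue", "lsec_ignore_purpose" };
 curve = luasec_has.algorithms.ec and not luasec_has.capabilities.curves_list and "secp384r1";
 curveslist = {
 "X25519",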
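Review bot: The default added at new line 123 depends only on `luasec_has.options.no_renegotiation`, so on a build older than the LuaSec 0.7 / OpenSSL 1.1.1 named in the commit message it presumably evaluates falsy and renegotiation stays enabled with nothing in the code to say so. The version requirement appears only in the commit description; I would put it next to the option, e.g. `-- needs LuaSec 0.7+ and OpenSSL 1.1.1+; without them renegotiation stays enabled`. It may also be worth surfacing the missing capability once at startup so an operator auditing TLS hardening can tell which hosts did not get the new default. Unlike the `no_compression` line above it, the new default has no global config switch; if the per-host `ssl` options are the intended override, say so in the same comment. Both option tables start outside the visible hunks, so how these defaults are merged with user configuration cannot be confirmed from here.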