prosody
e4b998ffc922
core/certmanager.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Comparison

core/certmanager.lua @ 6496:e4b998ffc922 0.9.6

certmanager, net.http: Disable SSLv3 by default
author Matthew Wild <mwild1@gmail.com>
date Tue, 14 Oct 2014 18:55:08 +0100
parent 5921:f7601ce30cfc
child 6501:71b6e8b48a12
comparison
equal deleted inserted replaced
6472:acae6289e0a6 6496:e4b998ffc922
31 31
32 -- Global SSL options if not overridden per-host 32 -- Global SSL options if not overridden per-host
33 local default_ssl_config = configmanager.get("*", "ssl"); 33 local default_ssl_config = configmanager.get("*", "ssl");
34 local default_capath = "/etc/ssl/certs"; 34 local default_capath = "/etc/ssl/certs";
35 local default_verify = (ssl and ssl.x509 and { "peer", "client_once", }) or "none"; 35 local default_verify = (ssl and ssl.x509 and { "peer", "client_once", }) or "none";
36 local default_options = { "no_sslv2", "cipher_server_preference", luasec_has_noticket and "no_ticket" or nil }; 36 local default_options = { "no_sslv2", "no_sslv3", "cipher_server_preference", luasec_has_noticket and "no_ticket" or nil };
37 local default_verifyext = { "lsec_continue", "lsec_ignore_purpose" }; 37 local default_verifyext = { "lsec_continue", "lsec_ignore_purpose" };
38 38
39 if ssl and not luasec_has_verifyext and ssl.x509 then 39 if ssl and not luasec_has_verifyext and ssl.x509 then
40 -- COMPAT mw/luasec-hg 40 -- COMPAT mw/luasec-hg
41 for i=1,#default_verifyext do -- Remove lsec_ prefix 41 for i=1,#default_verifyext do -- Remove lsec_ prefix