Comparison

core/certmanager.lua @ 13178:e689d4c45681 0.12

core.certmanager: Update Mozilla TLS config to version 5.7 Ref https://github.com/mozilla/server-side-tls/issues/285
author Kim Alvefur <zash@zash.se>
date Sun, 09 Jul 2023 21:18:47 +0200
parent 12507:e242a6e74424
child 13179:1b1ed555f307
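--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -238,11 +238,11 @@
 dane = luasec_has.capabilities.dane and configmanager.get("*", "use_dane") and { "no_ee_namechecks" };
 }
 
 local mozilla_ssl_configs = {
 -- https://wiki.mozilla.org/Security/Server_Side_TLS
--- Version 5.6 as of 2021-12-26
+-- Version 5.7 as of 2023-07-09
 modern = {
 protocol = "tlsv1_3";
 options = { cipher_server_preference = false };
 ciphers = "DEFAULT"; -- TLS 1.3 uses 'ciphersuites' rather than these
 curveslist = { "X25519"; "prime256v1"; "secp384r1" };
@@ -259,10 +259,11 @@
 "ECDHE-RSA-AES256-GCM-SHA384";
 "ECDHE-ECDSA-CHACHA20-POLY1305";
 "ECDHE-RSA-CHACHA20-POLY1305";
 "DHE-RSA-AES128-GCM-SHA256";
 "DHE-RSA-AES256-GCM-SHA384";
+"DHE-RSA-CHACHA20-POLY1305";
 };
 curveslist = { "X25519"; "prime256v1"; "secp384r1" };
 ciphersuites = { "TLS_AES_128_GCM_SHA256"; "TLS_AES_256_GCM_SHA384"; "TLS_CHACHA20_POLY1305_SHA256" };
 };
 old = {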
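Review bot: The DHE-RSA-* entries in the second hunk, including the newly added `"DHE-RSA-CHACHA20-POLY1305";`, can only be negotiated when the TLS context has finite-field DH parameters, and nothing in the visible lines records where those come from or what size is expected. The profile's opening lines (249–258) are outside both hunks, so this is presumably the `intermediate` profile, for which Mozilla's guidelines specify ffdhe2048. I would add a comment next to the cipher list, for example `-- DHE-* entries need DH parameters; Mozilla intermediate specifies ffdhe2048 (RFC 7919)`, so operators know these suites are inactive or weaker than intended if the DH parameters are missing or undersized. The `mozilla_ssl_configs` table continues past the last visible line, so the `old` profile could not be checked against 5.7 from this view.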