Comparison

core/certmanager.lua @ 5921:f7601ce30cfc

certmanager: Further cipher string tweaking. Re-enable ciphers required for DSA and ECDH certs/keys.
author Matthew Wild <mwild1@gmail.com>
date Thu, 21 Nov 2013 02:11:09 +0000
parent 5915:e6fed1d80116
child 5922:dd11480ecd47
child 6496:e4b998ffc922
comparison
equal deleted inserted replaced
5915:e6fed1d80116 5921:f7601ce30cfc
68 verify = user_ssl_config.verify or default_verify; 68 verify = user_ssl_config.verify or default_verify;
69 verifyext = user_ssl_config.verifyext or default_verifyext; 69 verifyext = user_ssl_config.verifyext or default_verifyext;
70 options = user_ssl_config.options or default_options; 70 options = user_ssl_config.options or default_options;
71 depth = user_ssl_config.depth; 71 depth = user_ssl_config.depth;
72 curve = user_ssl_config.curve or "secp384r1"; 72 curve = user_ssl_config.curve or "secp384r1";
73 ciphers = user_ssl_config.ciphers or "HIGH+kEDH:HIGH+kEECDH:HIGH+kRSA:!DSS:!3DES:!aNULL"; 73 ciphers = user_ssl_config.ciphers or "HIGH+kEDH:HIGH+kEECDH:HIGH:!PSK:!SRP:!3DES:!aNULL";
74 dhparam = user_ssl_config.dhparam; 74 dhparam = user_ssl_config.dhparam;
75 }; 75 };
76 76
77 -- LuaSec expects dhparam to be a callback that takes two arguments. 77 -- LuaSec expects dhparam to be a callback that takes two arguments.
78 -- We ignore those because it is mostly used for having a separate 78 -- We ignore those because it is mostly used for having a separate