prosody
f7601ce30cfc
core/certmanager.lua
Software / code / prosody
Comparison
core/certmanager.lua @ 5921:f7601ce30cfc
certmanager: Further cipher string tweaking. Re-enable ciphers required for DSA and ECDH certs/keys.
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Thu, 21 Nov 2013 02:11:09 +0000 |
| parent | 5915:e6fed1d80116 |
| child | 5922:dd11480ecd47 |
| child | 6496:e4b998ffc922 |
comparison
equal
deleted
inserted
replaced
| 5915:e6fed1d80116 | 5921:f7601ce30cfc |
|---|---|
| 68 verify = user_ssl_config.verify or default_verify; | 68 verify = user_ssl_config.verify or default_verify; |
| 69 verifyext = user_ssl_config.verifyext or default_verifyext; | 69 verifyext = user_ssl_config.verifyext or default_verifyext; |
| 70 options = user_ssl_config.options or default_options; | 70 options = user_ssl_config.options or default_options; |
| 71 depth = user_ssl_config.depth; | 71 depth = user_ssl_config.depth; |
| 72 curve = user_ssl_config.curve or "secp384r1"; | 72 curve = user_ssl_config.curve or "secp384r1"; |
| 73 ciphers = user_ssl_config.ciphers or "HIGH+kEDH:HIGH+kEECDH:HIGH+kRSA:!DSS:!3DES:!aNULL"; | 73 ciphers = user_ssl_config.ciphers or "HIGH+kEDH:HIGH+kEECDH:HIGH:!PSK:!SRP:!3DES:!aNULL"; |
| 74 dhparam = user_ssl_config.dhparam; | 74 dhparam = user_ssl_config.dhparam; |
| 75 }; | 75 }; |
| 76 | 76 |
| 77 -- LuaSec expects dhparam to be a callback that takes two arguments. | 77 -- LuaSec expects dhparam to be a callback that takes two arguments. |
| 78 -- We ignore those because it is mostly used for having a separate | 78 -- We ignore those because it is mostly used for having a separate |
