Software /
code /
prosody
Diff
core/certmanager.lua @ 12097:9c794d5f6f8d
core.certmanager: Add TLS 1.3 cipher suites to Mozilla TLS presets
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Wed, 03 Nov 2021 12:23:29 +0100 |
parent | 12096:dfb29b5b0a57 |
child | 12098:9591b838e3b0 |
line wrap: on
line diff
--- a/core/certmanager.lua Sun Dec 22 02:25:37 2019 +0100 +++ b/core/certmanager.lua Wed Nov 03 12:23:29 2021 +0100 @@ -248,11 +248,14 @@ } local mozilla_ssl_configs = { - -- As of 2019-12-22 + -- https://wiki.mozilla.org/Security/Server_Side_TLS + -- As of 2021-11-03 modern = { protocol = "tlsv1_3"; options = { cipher_server_preference = false }; ciphers = "DEFAULT"; -- TLS 1.3 uses 'ciphersuites' rather than these + curveslist = { "X25519"; "prime256v1"; "secp384r1" }; + ciphersuites = { "TLS_AES_128_GCM_SHA256"; "TLS_AES_256_GCM_SHA384"; "TLS_CHACHA20_POLY1305_SHA256" }; }; intermediate = { protocol = "tlsv1_2+"; @@ -268,6 +271,8 @@ "DHE-RSA-AES128-GCM-SHA256"; "DHE-RSA-AES256-GCM-SHA384"; }; + curveslist = { "X25519"; "prime256v1"; "secp384r1" }; + ciphersuites = { "TLS_AES_128_GCM_SHA256"; "TLS_AES_256_GCM_SHA384"; "TLS_CHACHA20_POLY1305_SHA256" }; }; old = { protocol = "tlsv1+"; @@ -301,6 +306,7 @@ "AES256-SHA"; "DES-CBC3-SHA"; }; + ciphersuites = { "TLS_AES_128_GCM_SHA256"; "TLS_AES_256_GCM_SHA384"; "TLS_CHACHA20_POLY1305_SHA256" }; }; };