Log

core/certmanager.lua @ 6566:1f396f0fe832

description author age
certmanager: Improve "detection" of features that depend on LuaSec version Kim Alvefur 2015-02-05
certmanager: Add locals for ssl.context and ssl.x509 Kim Alvefur 2015-02-05
certmanager: Early return from the entire module if LuaSec is unavailable Kim Alvefur 2015-02-05
certmanager: Make global variable access explicit Matthew Wild 2015-01-20
certmanager, mod_tls: Return final ssl config as third return value (fix for c6caaa440e74, portmanager assumes non-falsy second return value is an error) (thanks deoren) Kim Alvefur 2014-11-22
certmanager: Return final ssl config along with ssl context on success Kim Alvefur 2014-11-19
Merge 0.9->0.10 Kim Alvefur 2014-10-26
certmanager, net.http: Disable SSLv3 by default 0.9.6 Matthew Wild 2014-10-14
core.certmanager: Make create_context() support an arbitrary number of option sets, merging all Kim Alvefur 2014-07-03
core.certmanager: Use util.sslconfig Kim Alvefur 2014-07-03
core.certmanager, core.moduleapi, mod_storage_sql, mod_storage_sql2: Import from util.paths Kim Alvefur 2014-05-09
certmanager: Move ssl.protocol handling to after ssl.options is a table (thanks Ralph) Kim Alvefur 2014-04-21
certmanager: Fix traceback if no global 'ssl' section set (thanks albert) Kim Alvefur 2014-04-20
certmanager: Update ssl_compression when config is reloaded Kim Alvefur 2014-04-14
certmanager: Reformat core ssl defaults Kim Alvefur 2014-04-14
certmanager: Support ssl.protocol syntax like "tlsv1+" that disables older protocols Kim Alvefur 2014-04-14
certmanager: Merge ssl.options, verify etc from core defaults and global ssl settings with inheritance while allowing options to be disabled per virtualhost Kim Alvefur 2014-04-14
certmanager: Wrap long line and add comment Kim Alvefur 2014-04-14
certmanager: Concatenate cipher list if given as a table Kim Alvefur 2014-04-14
certmanager: Allow non-server contexts to be without certificate and key Kim Alvefur 2014-04-14
certmanager: Check for non-nil values instead of true-ish values, allows removing defaults Kim Alvefur 2014-04-14
Merge 0.9->0.10 Matthew Wild 2013-11-21
certmanager: Further cipher string tweaking. Re-enable ciphers required for DSA and ECDH certs/keys. Matthew Wild 2013-11-21
Merge 0.9->0.10 Matthew Wild 2013-11-12
Back out 1b0ac7950129, as SSLv3 appears to still be in moderate use on the network. Also, although obsolete, SSLv3 isn't documented to have any weaknesses that TLS 1.0 (the most common version used today) doesn't also have. Get your act together clients! Matthew Wild 2013-11-12
Merge 0.9->0.10 Matthew Wild 2013-11-10
certmanager: Update default cipher string to prefer forward-secrecy over cipher strength and to disable triple-DES (weaker and much slower than AES) Matthew Wild 2013-11-10
Merge 0.9->0.10 Matthew Wild 2013-11-09
certmanager: Fix order of options, so that the dynamic option is at the end of the array Matthew Wild 2013-11-09
certmanager: Default to using the server's cipher preference order by default, as clients have been shown to commonly select weak and insecure ciphers even when they support stronger ones Matthew Wild 2013-11-09
Merge 0.9 -> 0.10 Kim Alvefur 2013-10-31
certmanager: Disable SSLv3 by default Kim Alvefur 2013-10-31
certmanager: Fix. Again. Kim Alvefur 2013-10-15
certmanager: Add back single_dh_use and single_ecdh_use to default options (Zash breaks, Zash unbreaks) Kim Alvefur 2013-10-14
certmanager: Allow for specifying the dhparam option as a path to a file instead of a callback Kim Alvefur 2013-09-03
Merge 0.9->trunk Kim Alvefur 2013-09-03
certmanager: Fix dhparam callback, missing imports (Testing, pfft) 0.9.1 Kim Alvefur 2013-09-03
Merge 0.9->trunk Matthew Wild 2013-09-03
certmanager: Allow for specifying the dhparam option as a path to a file instead of a callback Kim Alvefur 2013-09-03
certmanager: Fix for working around a bug with LuaSec 0.4.1 that causes it to not honour the 'ciphers' option. This change will apply 0.9's default cipher string for LuaSec 0.4.1 users. Matthew Wild 2013-09-03
Remove all trailing whitespace Florian Zeitz 2013-08-09
Merge 0.9->trunk Matthew Wild 2013-07-13
certmanager: Set our own default cipher string, which includes only ciphers regarded as 'HIGH' strength (by OpenSSL). In particular this disables RC4. Matthew Wild 2013-07-13
certmanager: Overhaul of how ssl configs are built. Kim Alvefur 2013-06-13
Merge 0.9->trunk Matthew Wild 2013-06-12
certmanager: Add single_dh_use and single_ecdh_use to default options Matthew Wild 2013-06-12
Merge 0.9->trunk Matthew Wild 2013-06-12
certmanager: Set ssl.curve to 'secp384r1' by default, to enable ECC ciphers Matthew Wild 2013-06-12
Merge 0.9->trunk Matthew Wild 2013-06-11
certmanager: Use 'curve' and 'dhparam' options from ssl config if present Matthew Wild 2013-06-11
certmanager: Complain if key or certificate is missing from SSL config. Kim Alvefur 2013-06-07
certmanager: Disable SSL compression if possible (LuaSec 0.5 or 0.4.1+OpenSSL 1.x) Matthew Wild 2013-05-22
core.*: Complete removal of all traces of the "core" section and section-related code. Kim Alvefur 2013-03-23
certmanager: Fix nil index if no LuaSec available Kim Alvefur 2013-01-07
core.certmanager: Add support for LuaSec 0.5. Also compat with MattJs luasec-hg Kim Alvefur 2012-12-28
certmanager: Remove unused import of setmetatable Matthew Wild 2012-07-23