certmanager, net.http: Disable SSLv3 by default
0.9.6
|
Matthew Wild |
Tue, 14 Oct 2014 18:55:08 +0100 |
core.certmanager: Make create_context() support an arbitrary number of option sets, merging all
|
Kim Alvefur |
Thu, 03 Jul 2014 15:32:26 +0200 |
core.certmanager: Use util.sslconfig
|
Kim Alvefur |
Thu, 03 Jul 2014 15:31:12 +0200 |
core.certmanager, core.moduleapi, mod_storage_sql, mod_storage_sql2: Import from util.paths
|
Kim Alvefur |
Fri, 09 May 2014 19:35:29 +0200 |
certmanager: Move ssl.protocol handling to after ssl.options is a table (thanks Ralph)
|
Kim Alvefur |
Mon, 21 Apr 2014 02:43:09 +0200 |
certmanager: Fix traceback if no global 'ssl' section set (thanks albert)
|
Kim Alvefur |
Sun, 20 Apr 2014 21:25:26 +0200 |
certmanager: Update ssl_compression when config is reloaded
|
Kim Alvefur |
Tue, 15 Apr 2014 01:02:56 +0200 |
certmanager: Reformat core ssl defaults
|
Kim Alvefur |
Tue, 15 Apr 2014 00:49:17 +0200 |
certmanager: Support ssl.protocol syntax like "tlsv1+" that disables older protocols
|
Kim Alvefur |
Tue, 15 Apr 2014 00:45:07 +0200 |
certmanager: Merge ssl.options, verify etc from core defaults and global ssl settings with inheritance while allowing options to be disabled per virtualhost
|
Kim Alvefur |
Tue, 15 Apr 2014 00:32:11 +0200 |
certmanager: Wrap long line and add comment
|
Kim Alvefur |
Mon, 14 Apr 2014 23:41:26 +0200 |
certmanager: Concatenate cipher list if given as a table
|
Kim Alvefur |
Mon, 14 Apr 2014 23:34:35 +0200 |
certmanager: Allow non-server contexts to be without certificate and key
|
Kim Alvefur |
Mon, 14 Apr 2014 23:09:28 +0200 |
certmanager: Check for non-nil values instead of true-ish values, allows removing defaults
|
Kim Alvefur |
Mon, 14 Apr 2014 23:00:44 +0200 |
Merge 0.9->0.10
|
Matthew Wild |
Thu, 21 Nov 2013 02:14:23 +0000 |
certmanager: Further cipher string tweaking. Re-enable ciphers required for DSA and ECDH certs/keys.
|
Matthew Wild |
Thu, 21 Nov 2013 02:11:09 +0000 |
Merge 0.9->0.10
|
Matthew Wild |
Tue, 12 Nov 2013 02:23:02 +0000 |
Back out 1b0ac7950129, as SSLv3 appears to still be in moderate use on the network. Also, although obsolete, SSLv3 isn't documented to have any weaknesses that TLS 1.0 (the most common version used today) doesn't also have. Get your act together clients!
|
Matthew Wild |
Tue, 12 Nov 2013 02:13:01 +0000 |
Merge 0.9->0.10
|
Matthew Wild |
Sun, 10 Nov 2013 18:49:34 +0000 |
certmanager: Update default cipher string to prefer forward-secrecy over cipher strength and to disable triple-DES (weaker and much slower than AES)
|
Matthew Wild |
Sun, 10 Nov 2013 18:46:48 +0000 |
Merge 0.9->0.10
|
Matthew Wild |
Sat, 09 Nov 2013 18:36:32 +0000 |
certmanager: Fix order of options, so that the dynamic option is at the end of the array
|
Matthew Wild |
Sat, 09 Nov 2013 17:54:21 +0000 |
certmanager: Default to using the server's cipher preference order by default, as clients have been shown to commonly select weak and insecure ciphers even when they support stronger ones
|
Matthew Wild |
Sat, 09 Nov 2013 17:50:19 +0000 |
Merge 0.9 -> 0.10
|
Kim Alvefur |
Thu, 31 Oct 2013 20:47:57 +0100 |
certmanager: Disable SSLv3 by default
|
Kim Alvefur |
Thu, 31 Oct 2013 19:00:36 +0100 |
certmanager: Fix. Again.
|
Kim Alvefur |
Tue, 15 Oct 2013 10:47:34 +0200 |
certmanager: Add back single_dh_use and single_ecdh_use to default options (Zash breaks, Zash unbreaks)
|
Kim Alvefur |
Tue, 15 Oct 2013 01:37:16 +0200 |
certmanager: Allow for specifying the dhparam option as a path to a file instead of a callback
|
Kim Alvefur |
Tue, 03 Sep 2013 15:43:59 +0200 |
Merge 0.9->trunk
|
Kim Alvefur |
Tue, 03 Sep 2013 13:43:39 +0200 |
certmanager: Fix dhparam callback, missing imports (Testing, pfft)
0.9.1
|
Kim Alvefur |
Tue, 03 Sep 2013 13:40:29 +0200 |