Log

core/certmanager.lua @ 6079:5cffee5b2826

description author age
certmanager: Reformat core ssl defaults Kim Alvefur Tue, 15 Apr 2014 00:49:17 +0200
certmanager: Support ssl.protocol syntax like "tlsv1+" that disables older protocols Kim Alvefur Tue, 15 Apr 2014 00:45:07 +0200
certmanager: Merge ssl.options, verify etc from core defaults and global ssl settings with inheritance while allowing options to be disabled per virtualhost Kim Alvefur Tue, 15 Apr 2014 00:32:11 +0200
certmanager: Wrap long line and add comment Kim Alvefur Mon, 14 Apr 2014 23:41:26 +0200
certmanager: Concatenate cipher list if given as a table Kim Alvefur Mon, 14 Apr 2014 23:34:35 +0200
certmanager: Allow non-server contexts to be without certificate and key Kim Alvefur Mon, 14 Apr 2014 23:09:28 +0200
certmanager: Check for non-nil values instead of true-ish values, allows removing defaults Kim Alvefur Mon, 14 Apr 2014 23:00:44 +0200
Merge 0.9->0.10 Matthew Wild Thu, 21 Nov 2013 02:14:23 +0000
certmanager: Further cipher string tweaking. Re-enable ciphers required for DSA and ECDH certs/keys. Matthew Wild Thu, 21 Nov 2013 02:11:09 +0000
Merge 0.9->0.10 Matthew Wild Tue, 12 Nov 2013 02:23:02 +0000
Back out 1b0ac7950129, as SSLv3 appears to still be in moderate use on the network. Also, although obsolete, SSLv3 isn't documented to have any weaknesses that TLS 1.0 (the most common version used today) doesn't also have. Get your act together clients! Matthew Wild Tue, 12 Nov 2013 02:13:01 +0000
Merge 0.9->0.10 Matthew Wild Sun, 10 Nov 2013 18:49:34 +0000
certmanager: Update default cipher string to prefer forward-secrecy over cipher strength and to disable triple-DES (weaker and much slower than AES) Matthew Wild Sun, 10 Nov 2013 18:46:48 +0000
Merge 0.9->0.10 Matthew Wild Sat, 09 Nov 2013 18:36:32 +0000
certmanager: Fix order of options, so that the dynamic option is at the end of the array Matthew Wild Sat, 09 Nov 2013 17:54:21 +0000
certmanager: Default to using the server's cipher preference order by default, as clients have been shown to commonly select weak and insecure ciphers even when they support stronger ones Matthew Wild Sat, 09 Nov 2013 17:50:19 +0000
Merge 0.9 -> 0.10 Kim Alvefur Thu, 31 Oct 2013 20:47:57 +0100
certmanager: Disable SSLv3 by default Kim Alvefur Thu, 31 Oct 2013 19:00:36 +0100
certmanager: Fix. Again. Kim Alvefur Tue, 15 Oct 2013 10:47:34 +0200
certmanager: Add back single_dh_use and single_ecdh_use to default options (Zash breaks, Zash unbreaks) Kim Alvefur Tue, 15 Oct 2013 01:37:16 +0200
certmanager: Allow for specifying the dhparam option as a path to a file instead of a callback Kim Alvefur Tue, 03 Sep 2013 15:43:59 +0200
Merge 0.9->trunk Kim Alvefur Tue, 03 Sep 2013 13:43:39 +0200
certmanager: Fix dhparam callback, missing imports (Testing, pfft) 0.9.1 Kim Alvefur Tue, 03 Sep 2013 13:40:29 +0200
Merge 0.9->trunk Matthew Wild Tue, 03 Sep 2013 12:32:18 +0100
certmanager: Allow for specifying the dhparam option as a path to a file instead of a callback Kim Alvefur Tue, 03 Sep 2013 13:13:31 +0200
certmanager: Fix for working around a bug with LuaSec 0.4.1 that causes it to not honour the 'ciphers' option. This change will apply 0.9's default cipher string for LuaSec 0.4.1 users. Matthew Wild Tue, 03 Sep 2013 12:11:11 +0100
Remove all trailing whitespace Florian Zeitz Fri, 09 Aug 2013 17:48:21 +0200
Merge 0.9->trunk Matthew Wild Sat, 13 Jul 2013 13:17:53 +0100
certmanager: Set our own default cipher string, which includes only ciphers regarded as 'HIGH' strength (by OpenSSL). In particular this disables RC4. Matthew Wild Sat, 13 Jul 2013 13:15:24 +0100
certmanager: Overhaul of how ssl configs are built. Kim Alvefur Thu, 13 Jun 2013 17:44:42 +0200