prosody
a5928fdeaf97
core/certmanager.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Log

core/certmanager.lua @ 6207:a5928fdeaf97

less more | (0) -60 tip
description author age
Merge 0.9->0.10 Matthew Wild 2013-11-21
certmanager: Further cipher string tweaking. Re-enable ciphers required for DSA and ECDH certs/keys. Matthew Wild 2013-11-21
Merge 0.9->0.10 Matthew Wild 2013-11-12
Back out 1b0ac7950129, as SSLv3 appears to still be in moderate use on the network. Also, although obsolete, SSLv3 isn't documented to have any weaknesses that TLS 1.0 (the most common version used today) doesn't also have. Get your act together clients! Matthew Wild 2013-11-12
Merge 0.9->0.10 Matthew Wild 2013-11-10
certmanager: Update default cipher string to prefer forward-secrecy over cipher strength and to disable triple-DES (weaker and much slower than AES) Matthew Wild 2013-11-10
Merge 0.9->0.10 Matthew Wild 2013-11-09
certmanager: Fix order of options, so that the dynamic option is at the end of the array Matthew Wild 2013-11-09
certmanager: Default to using the server's cipher preference order by default, as clients have been shown to commonly select weak and insecure ciphers even when they support stronger ones Matthew Wild 2013-11-09
Merge 0.9 -> 0.10 Kim Alvefur 2013-10-31
certmanager: Disable SSLv3 by default Kim Alvefur 2013-10-31
certmanager: Fix. Again. Kim Alvefur 2013-10-15
certmanager: Add back single_dh_use and single_ecdh_use to default options (Zash breaks, Zash unbreaks) Kim Alvefur 2013-10-14
certmanager: Allow for specifying the dhparam option as a path to a file instead of a callback Kim Alvefur 2013-09-03
Merge 0.9->trunk Kim Alvefur 2013-09-03
certmanager: Fix dhparam callback, missing imports (Testing, pfft) 0.9.1 Kim Alvefur 2013-09-03
Merge 0.9->trunk Matthew Wild 2013-09-03
certmanager: Allow for specifying the dhparam option as a path to a file instead of a callback Kim Alvefur 2013-09-03
certmanager: Fix for working around a bug with LuaSec 0.4.1 that causes it to not honour the 'ciphers' option. This change will apply 0.9's default cipher string for LuaSec 0.4.1 users. Matthew Wild 2013-09-03
Remove all trailing whitespace Florian Zeitz 2013-08-09
Merge 0.9->trunk Matthew Wild 2013-07-13
certmanager: Set our own default cipher string, which includes only ciphers regarded as 'HIGH' strength (by OpenSSL). In particular this disables RC4. Matthew Wild 2013-07-13
certmanager: Overhaul of how ssl configs are built. Kim Alvefur 2013-06-13
Merge 0.9->trunk Matthew Wild 2013-06-12
certmanager: Add single_dh_use and single_ecdh_use to default options Matthew Wild 2013-06-12
Merge 0.9->trunk Matthew Wild 2013-06-12
certmanager: Set ssl.curve to 'secp384r1' by default, to enable ECC ciphers Matthew Wild 2013-06-12
Merge 0.9->trunk Matthew Wild 2013-06-11
certmanager: Use 'curve' and 'dhparam' options from ssl config if present Matthew Wild 2013-06-11
certmanager: Complain if key or certificate is missing from SSL config. Kim Alvefur 2013-06-07
certmanager: Disable SSL compression if possible (LuaSec 0.5 or 0.4.1+OpenSSL 1.x) Matthew Wild 2013-05-22
core.*: Complete removal of all traces of the "core" section and section-related code. Kim Alvefur 2013-03-23
certmanager: Fix nil index if no LuaSec available Kim Alvefur 2013-01-07
core.certmanager: Add support for LuaSec 0.5. Also compat with MattJs luasec-hg Kim Alvefur 2012-12-28
certmanager: Remove unused import of setmetatable Matthew Wild 2012-07-23
certmanager: Fix for traceback WITH LuaSec... (!) (thanks IRON) Matthew Wild 2012-07-23
certmanager: Fix traceback for missing LuaSec (thanks Link Mauve) Matthew Wild 2012-07-23
certmanager: Add quotes around cert file path when logging. Waqas Hussain 2012-06-12
certmanager: tonumber() (fix for 0b8134015635) Matthew Wild 2012-05-19
certmanager: Don't use no_ticket option before LuaSec 0.4 Matthew Wild 2012-05-19
certmanager: no_ticket is not a verification option (thanks Zash) Matthew Wild 2012-05-18
certmanager: Add no_ticket option for OpenSSL (we don't support resumption yet) Matthew Wild 2012-05-17
certmanager: Adjust error messages to be non-specific about 'host' (so we can specify a service name instead ffor SSL) Matthew Wild 2012-05-11
core.certmanager: Log a message when a password is required but not supplied. fixes #214 Kim Alvefur 2012-04-21
certmanager: More informative logging. Waqas Hussain 2011-11-01
certmanager: Support setting ciphers in SSL config. LuaSec apparently ignores the documented ciphers option. Waqas Hussain 2011-08-25
certmanager: Add required verify flags for cert verification if LuaSec (probably) supports them Matthew Wild 2010-11-28
prosody, configmanager, certmanager: Relocate prosody.resolve_relative_path() to configmanager, and update certmanager (the only user of this function) Matthew Wild 2010-11-10
certmanager, hostmanager, mod_tls: Move responsibility for creating per-host SSL contexts to mod_tls, meaning reloading certs is now as trivial as reloading mod_tls Matthew Wild 2010-11-06
Monster whitespace commit (beware the whitespace monster). Waqas Hussain 2010-10-16
prosody.resolve_relative_path: Updated to take a parent path to resolve against. Waqas Hussain 2010-07-23
Merge 0.7->trunk Matthew Wild 2010-07-23
certmanager: Don't disable LuaSec and future cert loading on failure, and add error messages to the no LuaSec/config cases (thanks Jakob) Matthew Wild 2010-07-23
Merge with backout Matthew Wild 2010-07-15
Backed out changeset 598c33a99a31 (already fixed a better way) Matthew Wild 2010-07-15
certmanager: Fix to handle the case of no SSL configuration at all Matthew Wild 2010-07-14
certmanager: Added copyright header. Waqas Hussain 2010-07-15
certmanager: Defined default_capath to prevent a global nil access. Waqas Hussain 2010-07-15
certmanager: Use an empty table as the default ssl config when a global 'ssl' config option isn't specified (fixes a top-level traceback on startup). Waqas Hussain 2010-07-15
certmanager: Remove debug logging accidentally committed Matthew Wild 2010-07-13
less more | (0) -60 tip