# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1640473516 -3600
# Node ID 0fcd80a55f15aa42d0df98e884c6fdbcd3839de9
# Parent  28f723cff236b8831a702552f88fb5acfb604545
core.certmanager: Add curveslist to 'old' Mozilla TLS preset

Unsure if this was overlooked before or a recent addition.

Reproduced the data from JSON file available. Would be nice to have a
tool that does that.

diff -r 28f723cff236 -r 0fcd80a55f15 core/certmanager.lua
--- a/core/certmanager.lua	Sat Dec 25 13:02:48 2021 +0100
+++ b/core/certmanager.lua	Sun Dec 26 00:05:16 2021 +0100
@@ -256,7 +256,7 @@
 
 local mozilla_ssl_configs = {
 	-- https://wiki.mozilla.org/Security/Server_Side_TLS
-	-- As of 2021-11-03
+	-- Version 5.6 as of 2021-12-26
 	modern = {
 		protocol = "tlsv1_3";
 		options = { cipher_server_preference = false };
@@ -313,6 +313,7 @@
 			"AES256-SHA";
 			"DES-CBC3-SHA";
 		};
+		curveslist = { "X25519"; "prime256v1"; "secp384r1" };
 		ciphersuites = { "TLS_AES_128_GCM_SHA256"; "TLS_AES_256_GCM_SHA384"; "TLS_CHACHA20_POLY1305_SHA256" };
 	};
 };