# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1688930327 -7200
# Node ID e689d4c456812c74c6f910ae7b133a0a9e14c63a
# Parent  6f64542a1336273983366553629d6295270c2cb1
core.certmanager: Update Mozilla TLS config to version 5.7

Ref https://github.com/mozilla/server-side-tls/issues/285

diff -r 6f64542a1336 -r e689d4c45681 core/certmanager.lua
--- a/core/certmanager.lua	Sat Jul 08 18:23:40 2023 +0200
+++ b/core/certmanager.lua	Sun Jul 09 21:18:47 2023 +0200
@@ -240,7 +240,7 @@
 
 local mozilla_ssl_configs = {
 	-- https://wiki.mozilla.org/Security/Server_Side_TLS
-	-- Version 5.6 as of 2021-12-26
+	-- Version 5.7 as of 2023-07-09
 	modern = {
 		protocol = "tlsv1_3";
 		options = { cipher_server_preference = false };
@@ -261,6 +261,7 @@
 			"ECDHE-RSA-CHACHA20-POLY1305";
 			"DHE-RSA-AES128-GCM-SHA256";
 			"DHE-RSA-AES256-GCM-SHA384";
+			"DHE-RSA-CHACHA20-POLY1305";
 		};
 		curveslist = { "X25519"; "prime256v1"; "secp384r1" };
 		ciphersuites = { "TLS_AES_128_GCM_SHA256"; "TLS_AES_256_GCM_SHA384"; "TLS_CHACHA20_POLY1305_SHA256" };