prosody
0fcd80a55f15

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Changeset

12120:0fcd80a55f15

core.certmanager: Add curveslist to 'old' Mozilla TLS preset Unsure if this was overlooked before or a recent addition. Reproduced the data from JSON file available. Would be nice to have a tool that does that.
author Kim Alvefur <zash@zash.se>
date Sun, 26 Dec 2021 00:05:16 +0100
parents 12119:28f723cff236
children 12121:2162e86029b6
files core/certmanager.lua
diffstat 1 files changed, 2 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/core/certmanager.lua	Sat Dec 25 13:02:48 2021 +0100
+++ b/core/certmanager.lua	Sun Dec 26 00:05:16 2021 +0100
@@ -256,7 +256,7 @@
 
 local mozilla_ssl_configs = {
 	-- https://wiki.mozilla.org/Security/Server_Side_TLS
-	-- As of 2021-11-03
+	-- Version 5.6 as of 2021-12-26
 	modern = {
 		protocol = "tlsv1_3";
 		options = { cipher_server_preference = false };
@@ -313,6 +313,7 @@
 			"AES256-SHA";
 			"DES-CBC3-SHA";
 		};
+		curveslist = { "X25519"; "prime256v1"; "secp384r1" };
 		ciphersuites = { "TLS_AES_128_GCM_SHA256"; "TLS_AES_256_GCM_SHA384"; "TLS_CHACHA20_POLY1305_SHA256" };
 	};
 };