Software / code / prosody
Changeset
5745:a1b0cfebeeba
certmanager: Set our own default cipher string, which includes only ciphers regarded as 'HIGH' strength (by OpenSSL). In particular this disables RC4.
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Sat, 13 Jul 2013 13:15:24 +0100 |
| parents | 5736:72a1f769c36f |
| children | 5746:3137751751b4 5750:fbff8ecb6662 |
| files | core/certmanager.lua |
| diffstat | 1 files changed, 1 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/core/certmanager.lua Thu Jul 11 15:08:47 2013 +0100 +++ b/core/certmanager.lua Sat Jul 13 13:15:24 2013 +0100 @@ -68,6 +68,7 @@ options = user_ssl_config.options or default_options; depth = user_ssl_config.depth; curve = user_ssl_config.curve or "secp384r1"; + ciphers = user_ssl_config.ciphers or "HIGH:!DSS:!aNULL@STRENGTH"; dhparam = user_ssl_config.dhparam; };
