Software / code / prosody
Changeset
11551:aaf9c6b6d18d 0.11
certmanager: Disable renegotiation by default
This requires LuaSec 0.7+ and OpenSSL 1.1.1+
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Tue, 11 May 2021 14:14:15 +0100 |
| parents | 11550:929de6ade6b6 |
| children | 11552:d4b735272a61 |
| files | core/certmanager.lua |
| diffstat | 1 files changed, 2 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/core/certmanager.lua Tue May 11 14:10:26 2021 +0100 +++ b/core/certmanager.lua Tue May 11 14:14:15 2021 +0100 @@ -55,6 +55,7 @@ no_compression = test_option("no_compression"); single_dh_use = test_option("single_dh_use"); single_ecdh_use = test_option("single_ecdh_use"); + no_renegotiation = test_option("no_renegotiation"); }; }; @@ -119,6 +120,7 @@ no_compression = luasec_has.options.no_compression and configmanager.get("*", "ssl_compression") ~= true; single_dh_use = luasec_has.options.single_dh_use; single_ecdh_use = luasec_has.options.single_ecdh_use; + no_renegotiation = luasec_has.options.no_renegotiation; }; verifyext = { "lsec_continue", "lsec_ignore_purpose" }; curve = luasec_has.algorithms.ec and not luasec_has.capabilities.curves_list and "secp384r1";
