Mercurial > prosody-hg
comparison core/certmanager.lua @ 12150:653a48b5a25b
core.certmanager: Disable DANE name checks (not needed for XMPP)
Pending https://github.com/brunoos/luasec/pull/179
Should not be done globally, but rather only for s2sout, but that would
have to be in mod_tls then.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Thu, 16 Sep 2021 09:52:51 +0200 |
| parents | 0fcd80a55f15 |
| children | b05e0b422ff7 |
comparison
equal
deleted
inserted
replaced
| 12149:bbbf0dd90b6d | 12150:653a48b5a25b |
|---|---|
| 249 "!PSK", -- Pre-Shared Key - not used for XMPP | 249 "!PSK", -- Pre-Shared Key - not used for XMPP |
| 250 "!SRP", -- Secure Remote Password - not used for XMPP | 250 "!SRP", -- Secure Remote Password - not used for XMPP |
| 251 "!3DES", -- 3DES - slow and of questionable security | 251 "!3DES", -- 3DES - slow and of questionable security |
| 252 "!aNULL", -- Ciphers that does not authenticate the connection | 252 "!aNULL", -- Ciphers that does not authenticate the connection |
| 253 }; | 253 }; |
| 254 dane = configmanager.get("*", "use_dane"); | 254 dane = luasec_has.capabilities.dane and configmanager.get("*", "use_dane") and { "no_ee_namechecks" }; |
| 255 } | 255 } |
| 256 | 256 |
| 257 local mozilla_ssl_configs = { | 257 local mozilla_ssl_configs = { |
| 258 -- https://wiki.mozilla.org/Security/Server_Side_TLS | 258 -- https://wiki.mozilla.org/Security/Server_Side_TLS |
| 259 -- Version 5.6 as of 2021-12-26 | 259 -- Version 5.6 as of 2021-12-26 |
