Mercurial > prosody-hg
comparison core/certmanager.lua @ 5745:a1b0cfebeeba
certmanager: Set our own default cipher string, which includes only ciphers regarded as 'HIGH' strength (by OpenSSL). In particular this disables RC4.
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Sat, 13 Jul 2013 13:15:24 +0100 |
| parents | b7ebeae14053 |
| children | 3137751751b4 b93d096607b4 |
comparison
equal
deleted
inserted
replaced
| 5736:72a1f769c36f | 5745:a1b0cfebeeba |
|---|---|
| 66 verify = user_ssl_config.verify or default_verify; | 66 verify = user_ssl_config.verify or default_verify; |
| 67 verifyext = user_ssl_config.verifyext or default_verifyext; | 67 verifyext = user_ssl_config.verifyext or default_verifyext; |
| 68 options = user_ssl_config.options or default_options; | 68 options = user_ssl_config.options or default_options; |
| 69 depth = user_ssl_config.depth; | 69 depth = user_ssl_config.depth; |
| 70 curve = user_ssl_config.curve or "secp384r1"; | 70 curve = user_ssl_config.curve or "secp384r1"; |
| 71 ciphers = user_ssl_config.ciphers or "HIGH:!DSS:!aNULL@STRENGTH"; | |
| 71 dhparam = user_ssl_config.dhparam; | 72 dhparam = user_ssl_config.dhparam; |
| 72 }; | 73 }; |
| 73 | 74 |
| 74 local ctx, err = ssl_newcontext(ssl_config); | 75 local ctx, err = ssl_newcontext(ssl_config); |
| 75 | 76 |
