diff options
| author |   Kim Alvefur <zash@zash.se> | 2017-09-27 15:45:07 +0200 |
|---|---|---|
| committer | Kim Alvefur <zash@zash.se> | 2017-09-27 15:45:07 +0200 |
| commit | 23512ecccc3536188e59bebd153c6d44fb4c3c10 (patch) | |
| tree | 54c462b26b6b4277dc1d6bfbc99d4a6675ec0905 | |
| parent | util.sslconfig: Treat 'curveslist', added in LuaSec 0.7, as a colon-separated list, like ciphers (see #879, #943, #951) (diff) | |
| download | prosody-23512ecccc3536188e59bebd153c6d44fb4c3c10.tar.xz prosody-23512ecccc3536188e59bebd153c6d44fb4c3c10.zip | |
core.certmanager: Set a default curveslist [sic], fixes #879, #943, #951 if used along with luasec 0.7 and openssl 1.1
| -rw-r--r-- | core/certmanager.lua | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/core/certmanager.lua b/core/certmanager.lua index 73b346c3a..2be66a218 100644 --- a/core/certmanager.lua +++ b/core/certmanager.lua @@ -107,6 +107,12 @@ local core_defaults = { }; verifyext = { "lsec_continue", "lsec_ignore_purpose" }; curve = "secp384r1"; + curveslist = { + "X25519", + "P-384", + "P-256", + "P-521", + }; ciphers = { -- Enabled ciphers in order of preference: "HIGH+kEDH", -- Ephemeral Diffie-Hellman key exchange, if a 'dhparam' file is set "HIGH+kEECDH", -- Ephemeral Elliptic curve Diffie-Hellman key exchange |