aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2023-07-09 21:18:47 +0200
committerKim Alvefur <zash@zash.se>2023-07-09 21:18:47 +0200
commit59f9a608fda54f281658b35688c336f6a22046de (patch)
treed154aecdc0e5751bbd8544e9f2b219c15ea941f6
parentc82f504f6ace095dbc6f738925560d9860771f1f (diff)
downloadprosody-59f9a608fda54f281658b35688c336f6a22046de.tar.gz
prosody-59f9a608fda54f281658b35688c336f6a22046de.zip
core.certmanager: Update Mozilla TLS config to version 5.7
Ref https://github.com/mozilla/server-side-tls/issues/285
-rw-r--r--core/certmanager.lua3
1 files changed, 2 insertions, 1 deletions
diff --git a/core/certmanager.lua b/core/certmanager.lua
index 7a82c786..c6310473 100644
--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -240,7 +240,7 @@ local core_defaults = {
local mozilla_ssl_configs = {
-- https://wiki.mozilla.org/Security/Server_Side_TLS
- -- Version 5.6 as of 2021-12-26
+ -- Version 5.7 as of 2023-07-09
modern = {
protocol = "tlsv1_3";
options = { cipher_server_preference = false };
@@ -261,6 +261,7 @@ local mozilla_ssl_configs = {
"ECDHE-RSA-CHACHA20-POLY1305";
"DHE-RSA-AES128-GCM-SHA256";
"DHE-RSA-AES256-GCM-SHA384";
+ "DHE-RSA-CHACHA20-POLY1305";
};
curveslist = { "X25519"; "prime256v1"; "secp384r1" };
ciphersuites = { "TLS_AES_128_GCM_SHA256"; "TLS_AES_256_GCM_SHA384"; "TLS_CHACHA20_POLY1305_SHA256" };