diff options
author | Kim Alvefur <zash@zash.se> | 2023-07-09 21:18:47 +0200 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2023-07-09 21:18:47 +0200 |
commit | 59f9a608fda54f281658b35688c336f6a22046de (patch) | |
tree | d154aecdc0e5751bbd8544e9f2b219c15ea941f6 | |
parent | c82f504f6ace095dbc6f738925560d9860771f1f (diff) | |
download | prosody-59f9a608fda54f281658b35688c336f6a22046de.tar.gz prosody-59f9a608fda54f281658b35688c336f6a22046de.zip |
core.certmanager: Update Mozilla TLS config to version 5.7
Ref https://github.com/mozilla/server-side-tls/issues/285
-rw-r--r-- | core/certmanager.lua | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/core/certmanager.lua b/core/certmanager.lua index 7a82c786..c6310473 100644 --- a/core/certmanager.lua +++ b/core/certmanager.lua @@ -240,7 +240,7 @@ local core_defaults = { local mozilla_ssl_configs = { -- https://wiki.mozilla.org/Security/Server_Side_TLS - -- Version 5.6 as of 2021-12-26 + -- Version 5.7 as of 2023-07-09 modern = { protocol = "tlsv1_3"; options = { cipher_server_preference = false }; @@ -261,6 +261,7 @@ local mozilla_ssl_configs = { "ECDHE-RSA-CHACHA20-POLY1305"; "DHE-RSA-AES128-GCM-SHA256"; "DHE-RSA-AES256-GCM-SHA384"; + "DHE-RSA-CHACHA20-POLY1305"; }; curveslist = { "X25519"; "prime256v1"; "secp384r1" }; ciphersuites = { "TLS_AES_128_GCM_SHA256"; "TLS_AES_256_GCM_SHA384"; "TLS_CHACHA20_POLY1305_SHA256" }; |