author | Matthew Wild <mwild1@gmail.com> | 2021-05-11 14:14:15 +0100 |
---|---|---|
committer | Matthew Wild <mwild1@gmail.com> | 2021-05-11 14:14:15 +0100 |
commit | f0c2ed120130778f3a6ef59e41d1deb1667e9f3f (patch) | |
tree | 58c1310ef9a5ec1d2eed8888ec623ad94945f990 | |
parent | 08f721a07280cf59abd167ad0fcfcb6f9bb8fb19 (diff) | |
certmanager: Disable renegotiation by default
This requires LuaSec 0.7+ and OpenSSL 1.1.1+
-rw-r--r-- | core/certmanager.lua | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/core/certmanager.lua b/core/certmanager.lua
index b0c7039d..d8d07636 100644
--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -55,6 +55,7 @@ local luasec_has = ssl.config or softreq"ssl.config" or {
 no_compression = test_option("no_compression");
 single_dh_use = test_option("single_dh_use");
 single_ecdh_use = test_option("single_ecdh_use");
+ no_renegotiation = test_option("no_renegotiation");
 };
 };
@@ -119,6 +120,7 @@ local core_defaults = {
 no_compression = luasec_has.options.no_compression and configmanager.get("*", "ssl_compression") ~= true;
 single_dh_use = luasec_has.options.single_dh_use;
 single_ecdh_use = luasec_has.options.single_ecdh_use;
+ no_renegotiation = luasec_has.options.no_renegotiation;
 };
 verifyext = { "lsec_continue", "lsec_ignore_purpose" };
 curve = luasec_has.algorithms.ec and not luasec_has.capabilities.curves_list and "secp384r1"; |
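Review bot: The new default `no_renegotiation = luasec_has.options.no_renegotiation;` in `core_defaults` is only as strong as the capability probe behind it. Where the option is not reported as available (the commit message names LuaSec 0.7+ and OpenSSL 1.1.1+ as requirements), the entry is presumably falsy and renegotiation stays enabled, with nothing in these lines telling the operator that the hardening did not apply. I would record that next to the line, for example `-- Refuse TLS renegotiation; needs LuaSec 0.7+ and OpenSSL 1.1.1+, otherwise unset and renegotiation stays enabled`, and consider a one-time startup log message when the probe fails so that downgraded deployments are visible. The same applies to the probe added in the first hunk, `no_renegotiation = test_option("no_renegotiation");`, where `test_option` is defined outside the diff, so what it returns on failure cannot be confirmed from here. Both tables begin and end outside their hunks.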