authorKim Alvefur <zash@zash.se>2014-04-15 00:49:17 +0200
committerKim Alvefur <zash@zash.se>2014-04-15 00:49:17 +0200
commit0f3d96bb858e159322c4bca5d919629a82d6cb09 (patch)
tree8dbbf7f8165948641945c02b331b96b27cb5c261
parent7229a760a41d22e002e82f2f8d00aec8cc271f30 (diff)
downloadprosody-0f3d96bb858e159322c4bca5d919629a82d6cb09.tar.gz
prosody-0f3d96bb858e159322c4bca5d919629a82d6cb09.zip
certmanager: Reformat core ssl defaults
-rw-r--r--core/certmanager.lua18
1 files changed, 9 insertions, 9 deletions
diff --git a/core/certmanager.lua b/core/certmanager.lua
index 3741145d..012eb933 100644
--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -34,11 +34,19 @@ module "certmanager"
-- Global SSL options if not overridden per-host
local global_ssl_config = configmanager.get("*", "ssl");
+-- Built-in defaults
local core_defaults = {
capath = "/etc/ssl/certs";
protocol = "tlsv1+";
verify = (ssl and ssl.x509 and { "peer", "client_once", }) or "none";
- options = { "cipher_server_preference", luasec_has_noticket and "no_ticket" or nil };
+ options = {
+ cipher_server_preference = true;
+ no_ticket = luasec_has_noticket;
+ no_compression = luasec_has_no_compression and configmanager.get("*", "ssl_compression") ~= true;
+ -- Has no_compression? Then it has these too...
+ single_dh_use = luasec_has_no_compression;
+ single_ecdh_use = luasec_has_no_compression;
+ };
verifyext = { "lsec_continue", "lsec_ignore_purpose" };
curve = "secp384r1";
ciphers = "HIGH+kEDH:HIGH+kEECDH:HIGH:!PSK:!SRP:!3DES:!aNULL";
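Review bot: `core_defaults.options` changes shape in this hunk from a list of option names to a name-to-boolean map, and nothing here documents the new shape or shows the code that consumes it. Entries such as `no_ticket = luasec_has_noticket` can now be `false` or nil depending on how the capability flag was set, so the consumer has to treat both as "off". That is presumably `merge_set`, but only its first lines appear as context in the next hunk, so this is worth confirming against its full body. I would add a comment above the table, for example `-- options is a set keyed by option name: true enables it, false/nil leaves it off`, if that matches what the consumer does. The `no_compression` line also deserves a why-comment such as `-- TLS compression stays disabled unless ssl_compression is exactly boolean true`, since that is the fail-safe default a later edit could loosen by accident. The `core_defaults` table continues past the end of the hunk.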
@@ -57,14 +65,6 @@ if ssl and not luasec_has_verifyext and ssl.x509 then
end
end
-if luasec_has_no_compression then -- Has no_compression? Then it has these too...
- core_defaults.options[#core_defaults.options+1] = "single_dh_use";
- core_defaults.options[#core_defaults.options+1] = "single_ecdh_use";
- if configmanager.get("*", "ssl_compression") ~= true then
- core_defaults.options[#core_defaults.options+1] = "no_compression";
- end
-end
-
local function merge_set(t, o)
if type(t) ~= "table" then t = { t } end
for k,v in pairs(t) do