aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2021-12-26 00:05:16 +0100
committerKim Alvefur <zash@zash.se>2021-12-26 00:05:16 +0100
commitf343cf5ba093f3f2f4d883b247e405f9fc29cbe7 (patch)
tree6ab034545bef45e215ddbfb2242cd841d3eff32e
parent5e4844806a410bfa45b6efe932cb79ee3ec4bea4 (diff)
downloadprosody-f343cf5ba093f3f2f4d883b247e405f9fc29cbe7.tar.gz
prosody-f343cf5ba093f3f2f4d883b247e405f9fc29cbe7.zip
core.certmanager: Add curveslist to 'old' Mozilla TLS preset
Unsure if this was overlooked before or a recent addition. Reproduced the data from JSON file available. Would be nice to have a tool that does that.
-rw-r--r--core/certmanager.lua3
1 files changed, 2 insertions, 1 deletions
diff --git a/core/certmanager.lua b/core/certmanager.lua
index 17fadced..efb01d50 100644
--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -256,7 +256,7 @@ local core_defaults = {
local mozilla_ssl_configs = {
-- https://wiki.mozilla.org/Security/Server_Side_TLS
- -- As of 2021-11-03
+ -- Version 5.6 as of 2021-12-26
modern = {
protocol = "tlsv1_3";
options = { cipher_server_preference = false };
@@ -313,6 +313,7 @@ local mozilla_ssl_configs = {
"AES256-SHA";
"DES-CBC3-SHA";
};
+ curveslist = { "X25519"; "prime256v1"; "secp384r1" };
ciphersuites = { "TLS_AES_128_GCM_SHA256"; "TLS_AES_256_GCM_SHA384"; "TLS_CHACHA20_POLY1305_SHA256" };
};
};