certmanager: Set our own default cipher string, which includes only ciphers regarded as 'HIGH' strength (by OpenSSL). In particular this disables RC4.

author: Matthew Wild <mwild1@gmail.com> 2013-07-13 13:15:24 +0100
committer: Matthew Wild <mwild1@gmail.com> 2013-07-13 13:15:24 +0100
commit: 2840e0726ad39ed0d191b15ed4aceb4eb3daa07a (patch)
tree: 57ce12d014761291c8314b8c9f77917f5c975070 /core/certmanager.lua
parent: 26511c10d4f4734c7a121be1bd43ca20b16fbf76 (diff)
download: prosody-2840e0726ad39ed0d191b15ed4aceb4eb3daa07a.tar.gz
prosody-2840e0726ad39ed0d191b15ed4aceb4eb3daa07a.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/core/certmanager.lua b/core/certmanager.lua
index 4bcac40d..5dee5876 100644
--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -68,6 +68,7 @@ function create_context(host, mode, user_ssl_config)
 		options = user_ssl_config.options or default_options;
 		depth = user_ssl_config.depth;
 		curve = user_ssl_config.curve or "secp384r1";
+		ciphers = user_ssl_config.ciphers or "HIGH:!DSS:!aNULL@STRENGTH";
 		dhparam = user_ssl_config.dhparam;
 	};
author	Matthew Wild <mwild1@gmail.com>	2013-07-13 13:15:24 +0100
committer	Matthew Wild <mwild1@gmail.com>	2013-07-13 13:15:24 +0100
commit	2840e0726ad39ed0d191b15ed4aceb4eb3daa07a (patch)
tree	57ce12d014761291c8314b8c9f77917f5c975070 /core/certmanager.lua
parent	26511c10d4f4734c7a121be1bd43ca20b16fbf76 (diff)
download	prosody-2840e0726ad39ed0d191b15ed4aceb4eb3daa07a.tar.gz prosody-2840e0726ad39ed0d191b15ed4aceb4eb3daa07a.zip