aboutsummaryrefslogtreecommitdiffstats
path: root/core/certmanager.lua
diff options
context:
space:
mode:
authorMatthew Wild <mwild1@gmail.com>2013-11-09 17:50:19 +0000
committerMatthew Wild <mwild1@gmail.com>2013-11-09 17:50:19 +0000
commit98221c399117fa1c99ec023d52a567d351e10473 (patch)
tree1026dbe80944f5c0e51da4c76e21923dbcc4e199 /core/certmanager.lua
parent45ecf509edc30aa6f83d87323d87b2b9c8104bb4 (diff)
downloadprosody-98221c399117fa1c99ec023d52a567d351e10473.tar.gz
prosody-98221c399117fa1c99ec023d52a567d351e10473.zip
certmanager: Default to using the server's cipher preference order by default, as clients have been shown to commonly select weak and insecure ciphers even when they support stronger ones
Diffstat (limited to 'core/certmanager.lua')
-rw-r--r--core/certmanager.lua2
1 files changed, 1 insertions, 1 deletions
diff --git a/core/certmanager.lua b/core/certmanager.lua
index e820c914..5e829777 100644
--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -33,7 +33,7 @@ module "certmanager"
local default_ssl_config = configmanager.get("*", "ssl");
local default_capath = "/etc/ssl/certs";
local default_verify = (ssl and ssl.x509 and { "peer", "client_once", }) or "none";
-local default_options = { "no_sslv2", "no_sslv3", luasec_has_noticket and "no_ticket" or nil };
+local default_options = { "no_sslv2", "no_sslv3", luasec_has_noticket and "no_ticket" or nil, "cipher_server_preference" };
local default_verifyext = { "lsec_continue", "lsec_ignore_purpose" };
if ssl and not luasec_has_verifyext and ssl.x509 then