author | Kim Alvefur <zash@zash.se> | 2014-04-15 00:49:17 +0200 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2014-04-15 00:49:17 +0200 |
commit | 0f3d96bb858e159322c4bca5d919629a82d6cb09 (patch) | |
tree | 8dbbf7f8165948641945c02b331b96b27cb5c261 /core/certmanager.lua | |
parent | 7229a760a41d22e002e82f2f8d00aec8cc271f30 (diff) | |
download | prosody-0f3d96bb858e159322c4bca5d919629a82d6cb09.tar.gz prosody-0f3d96bb858e159322c4bca5d919629a82d6cb09.zip |
certmanager: Reformat core ssl defaults
Diffstat (limited to 'core/certmanager.lua')
-rw-r--r-- | core/certmanager.lua | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/core/certmanager.lua b/core/certmanager.lua
index 3741145d..012eb933 100644
--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -34,11 +34,19 @@ module "certmanager"
 -- Global SSL options if not overridden per-host
 local global_ssl_config = configmanager.get("*", "ssl");
+-- Built-in defaults
 local core_defaults = {
 capath = "/etc/ssl/certs";
 protocol = "tlsv1+";
 verify = (ssl and ssl.x509 and { "peer", "client_once", }) or "none";
- options = { "cipher_server_preference", luasec_has_noticket and "no_ticket" or nil };
+ options = {
+ cipher_server_preference = true;
+ no_ticket = luasec_has_noticket;
+ no_compression = luasec_has_no_compression and configmanager.get("*", "ssl_compression") ~= true;
+ -- Has no_compression? Then it has these too...
+ single_dh_use = luasec_has_no_compression;
+ single_ecdh_use = luasec_has_no_compression;
+ };
 verifyext = { "lsec_continue", "lsec_ignore_purpose" };
 curve = "secp384r1";
 ciphers = "HIGH+kEDH:HIGH+kEECDH:HIGH:!PSK:!SRP:!3DES:!aNULL";
@@ -57,14 +65,6 @@ if ssl and not luasec_has_verifyext and ssl.x509 then
 end
 end
-if luasec_has_no_compression then -- Has no_compression? Then it has these too...
- core_defaults.options[#core_defaults.options+1] = "single_dh_use";
- core_defaults.options[#core_defaults.options+1] = "single_ecdh_use";
- if configmanager.get("*", "ssl_compression") ~= true then
- core_defaults.options[#core_defaults.options+1] = "no_compression";
- end
-end
-
 local function merge_set(t, o)
 if type(t) ~= "table" then t = { t } end
 for k,v in pairs(t) do |
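Review bot: The new `options` table in `core_defaults` changes shape from a list of option names to a name-to-boolean map, and nothing in the first hunk documents how a `false` or `nil` entry (for example `no_ticket = luasec_has_noticket` when the feature is absent) is meant to be read. The code that consumes the table is outside this diff (only the first lines of `merge_set` show up as trailing context in the second hunk), so it cannot be confirmed from here that disabled entries are dropped rather than treated as present keys. Because these entries are the TLS hardening defaults (`no_compression`, `single_dh_use`, `single_ecdh_use`, `no_ticket`), I would add a comment above the field such as `-- options is a set: name -> boolean; false or nil entries must not be handed to LuaSec`. It is also worth noting in that comment that `ssl_compression` is read only from the global `"*"` section when the module loads, and that only the exact value `true` turns compression back on.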