diff options
author | Matthew Wild <mwild1@gmail.com> | 2013-07-13 13:15:24 +0100 |
---|---|---|
committer | Matthew Wild <mwild1@gmail.com> | 2013-07-13 13:15:24 +0100 |
commit | a0093f80ff627e2ab11412272662d6fcbdc39702 (patch) | |
tree | 57ce12d014761291c8314b8c9f77917f5c975070 /core | |
parent | 07dee43089caf3fddd70aeb48e12535c4f03ec29 (diff) | |
download | prosody-a0093f80ff627e2ab11412272662d6fcbdc39702.tar.gz prosody-a0093f80ff627e2ab11412272662d6fcbdc39702.zip |
certmanager: Set our own default cipher string, which includes only ciphers regarded as 'HIGH' strength (by OpenSSL). In particular this disables RC4.
Diffstat (limited to 'core')
-rw-r--r-- | core/certmanager.lua | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/core/certmanager.lua b/core/certmanager.lua index 4bcac40d..5dee5876 100644 --- a/core/certmanager.lua +++ b/core/certmanager.lua @@ -68,6 +68,7 @@ function create_context(host, mode, user_ssl_config) options = user_ssl_config.options or default_options; depth = user_ssl_config.depth; curve = user_ssl_config.curve or "secp384r1"; + ciphers = user_ssl_config.ciphers or "HIGH:!DSS:!aNULL@STRENGTH"; dhparam = user_ssl_config.dhparam; }; |