author | Kim Alvefur <zash@zash.se> | 2021-11-03 12:23:29 +0100 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2021-11-03 12:23:29 +0100 |
commit | 99a73bdcf62f76d3111e1a25710ff772d35ff1ac (patch) | |
tree | d9a5e2d4f801d6ba41c165bb10b04a3c73017358 /core | |
parent | d2ff8032626bb17d332b4e9047c8cc0f0b39fec7 (diff) | |
core.certmanager: Add TLS 1.3 cipher suites to Mozilla TLS presets
Diffstat (limited to 'core')
-rw-r--r-- | core/certmanager.lua | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/core/certmanager.lua b/core/certmanager.lua
index bdfefce3..a2d76671 100644
--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -248,11 +248,14 @@ local core_defaults = {
 }

 local mozilla_ssl_configs = {
- -- As of 2019-12-22
+ -- https://wiki.mozilla.org/Security/Server_Side_TLS
+ -- As of 2021-11-03
 modern = {
 protocol = "tlsv1_3";
 options = { cipher_server_preference = false };
 ciphers = "DEFAULT"; -- TLS 1.3 uses 'ciphersuites' rather than these
+ curveslist = { "X25519"; "prime256v1"; "secp384r1" };
+ ciphersuites = { "TLS_AES_128_GCM_SHA256"; "TLS_AES_256_GCM_SHA384"; "TLS_CHACHA20_POLY1305_SHA256" };
 };
 intermediate = {
 protocol = "tlsv1_2+";
@@ -268,6 +271,8 @@ local mozilla_ssl_configs = {
 "DHE-RSA-AES128-GCM-SHA256";
 "DHE-RSA-AES256-GCM-SHA384";
 };
+ curveslist = { "X25519"; "prime256v1"; "secp384r1" };
+ ciphersuites = { "TLS_AES_128_GCM_SHA256"; "TLS_AES_256_GCM_SHA384"; "TLS_CHACHA20_POLY1305_SHA256" };
 };
 old = {
 protocol = "tlsv1+";
@@ -301,6 +306,7 @@ local mozilla_ssl_configs = {
 "AES256-SHA";
 "DES-CBC3-SHA";
 };
+ ciphersuites = { "TLS_AES_128_GCM_SHA256"; "TLS_AES_256_GCM_SHA384"; "TLS_CHACHA20_POLY1305_SHA256" };
 };
 };

|
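Review bot: The table-valued `ciphersuites` added to `modern` (and repeated in the `intermediate` and `old` hunks) only restricts TLS 1.3 if code outside this diff joins it into the colon-separated string the TLS library takes and the installed LuaSec accepts the `ciphersuites` key; neither is visible here. If the key is silently dropped, the preset would presumably fall back to the library's default TLS 1.3 suites with no signal to the operator. A comment at the first use, such as `-- needs LuaSec with TLS 1.3 'ciphersuites' support; table is joined with ':' before use (confirm)`, would record that dependency. Consider also logging a warning at load time when the option is unsupported.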
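Review bot: The `curveslist` and `ciphersuites` literals added to `intermediate` are copies of the ones just added to `modern`, and the `ciphersuites` list is written a third time in `old`, so a later refresh of one preset can leave the others stale. If the presets are meant to track the same upstream values, defining them once above the table, e.g. `local tls13_ciphersuites = { "TLS_AES_128_GCM_SHA256"; "TLS_AES_256_GCM_SHA384"; "TLS_CHACHA20_POLY1305_SHA256" };`, and referencing that name would keep them in step. That assumes no later code mutates a preset's table in place, which should be confirmed. The `intermediate` cipher list begins outside this hunk.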
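Review bot: The `old` preset receives `ciphersuites` here but, unlike `modern` and `intermediate`, no `curveslist`, so its key-exchange groups stay at whatever the defaults outside this hunk provide. If that is deliberate for legacy-client compatibility, a short comment such as `-- curveslist intentionally left at the default for old clients` would stop a later reader from treating it as an oversight. Otherwise the line `curveslist = { "X25519"; "prime256v1"; "secp384r1" };` used in the other two presets may belong here too. It is worth checking against the page cited in the header comment. The body of `old` starts before this hunk, so an existing `curveslist` entry there cannot be ruled out.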