Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Back out 1b0ac7950129, as SSLv3 appears to still be in moderate use on the ↵ | Matthew Wild | 2013-11-12 | 1 | -1/+1 |
| | | | | network. Also, although obsolete, SSLv3 isn't documented to have any weaknesses that TLS 1.0 (the most common version used today) doesn't also have. Get your act together clients! | ||||
* | certmanager: Update default cipher string to prefer forward-secrecy over ↵ | Matthew Wild | 2013-11-10 | 1 | -1/+1 |
| | | | | cipher strength and to disable triple-DES (weaker and much slower than AES) | ||||
* | certmanager: Fix order of options, so that the dynamic option is at the end ↵ | Matthew Wild | 2013-11-09 | 1 | -1/+1 |
| | | | | of the array | ||||
* | certmanager: Default to using the server's cipher preference order by ↵ | Matthew Wild | 2013-11-09 | 1 | -1/+1 |
| | | | | default, as clients have been shown to commonly select weak and insecure ciphers even when they support stronger ones | ||||
* | certmanager: Disable SSLv3 by default | Kim Alvefur | 2013-10-31 | 1 | -1/+1 |
| | |||||
* | certmanager: Fix dhparam callback, missing imports (Testing, pfft) 0.9.1 | Kim Alvefur | 2013-09-03 | 1 | -3/+5 |
| | |||||
* | certmanager: Allow for specifying the dhparam option as a path to a file ↵ | Kim Alvefur | 2013-09-03 | 1 | -0/+11 |
| | | | | instead of a callback | ||||
* | certmanager: Fix for working around a bug with LuaSec 0.4.1 that causes it ↵ | Matthew Wild | 2013-09-03 | 1 | -4/+4 |
| | | | | to not honour the 'ciphers' option. This change will apply 0.9's default cipher string for LuaSec 0.4.1 users. | ||||
* | certmanager: Set our own default cipher string, which includes only ciphers ↵ | Matthew Wild | 2013-07-13 | 1 | -0/+1 |
| | | | | regarded as 'HIGH' strength (by OpenSSL). In particular this disables RC4. | ||||
* | certmanager: Add single_dh_use and single_ecdh_use to default options | Matthew Wild | 2013-06-13 | 1 | -0/+5 |
| | |||||
* | certmanager: Set ssl.curve to 'secp384r1' by default, to enable ECC ciphers | Matthew Wild | 2013-06-13 | 1 | -1/+1 |
| | |||||
* | certmanager: Use 'curve' and 'dhparam' options from ssl config if present | Matthew Wild | 2013-06-11 | 1 | -0/+2 |
| | |||||
* | certmanager: Disable SSL compression if possible (LuaSec 0.5 or ↵ | Matthew Wild | 2013-05-22 | 1 | -1/+5 |
| | | | | 0.4.1+OpenSSL 1.x) | ||||
* | core.*: Complete removal of all traces of the "core" section and ↵ | Kim Alvefur | 2013-03-23 | 1 | -2/+2 |
| | | | | section-related code. | ||||
* | certmanager: Fix nil index if no LuaSec available | Kim Alvefur | 2013-01-07 | 1 | -1/+1 |
| | |||||
* | core.certmanager: Add support for LuaSec 0.5. Also compat with MattJs luasec-hg | Kim Alvefur | 2012-12-28 | 1 | -2/+12 |
| | |||||
* | certmanager: Remove unused import of setmetatable | Matthew Wild | 2012-07-23 | 1 | -1/+1 |
| | |||||
* | certmanager: Fix for traceback WITH LuaSec... (!) (thanks IRON) | Matthew Wild | 2012-07-23 | 1 | -2/+5 |
| | |||||
* | certmanager: Fix traceback for missing LuaSec (thanks Link Mauve) | Matthew Wild | 2012-07-23 | 1 | -2/+2 |
| | |||||
* | certmanager: Add quotes around cert file path when logging. | Waqas Hussain | 2012-06-12 | 1 | -1/+1 |
| | |||||
* | certmanager: tonumber() (fix for 0b8134015635) | Matthew Wild | 2012-05-19 | 1 | -1/+1 |
| | |||||
* | certmanager: Don't use no_ticket option before LuaSec 0.4 | Matthew Wild | 2012-05-19 | 1 | -1/+4 |
| | |||||
* | certmanager: no_ticket is not a verification option (thanks Zash) | Matthew Wild | 2012-05-18 | 1 | -2/+2 |
| | |||||
* | certmanager: Add no_ticket option for OpenSSL (we don't support resumption yet) | Matthew Wild | 2012-05-18 | 1 | -1/+1 |
| | |||||
* | certmanager: Adjust error messages to be non-specific about 'host' (so we ↵ | Matthew Wild | 2012-05-11 | 1 | -2/+2 |
| | | | | can specify a service name instead for SSL) | ||||
* | core.certmanager: Log a message when a password is required but not ↵ | Kim Alvefur | 2012-04-21 | 1 | -1/+1 |
| | | | | supplied. fixes #214 | ||||
* | certmanager: More informative logging. | Waqas Hussain | 2011-11-01 | 1 | -2/+2 |
| | |||||
* | certmanager: Support setting ciphers in SSL config. LuaSec apparently ↵ | Waqas Hussain | 2011-08-25 | 1 | -1/+9 |
| | | | | ignores the documented ciphers option. | ||||
* | certmanager: Add required verify flags for cert verification if LuaSec ↵ | Matthew Wild | 2010-11-28 | 1 | -2/+4 |
| | | | | (probably) supports them | ||||
* | prosody, configmanager, certmanager: Relocate ↵ | Matthew Wild | 2010-11-10 | 1 | -1/+1 |
| | | | | prosody.resolve_relative_path() to configmanager, and update certmanager (the only user of this function) | ||||
* | certmanager, hostmanager, mod_tls: Move responsibility for creating per-host ↵ | Matthew Wild | 2010-11-06 | 1 | -2/+2 |
| | | | | SSL contexts to mod_tls, meaning reloading certs is now as trivial as reloading mod_tls | ||||
* | Monster whitespace commit (beware the whitespace monster). | Waqas Hussain | 2010-10-16 | 1 | -2/+2 |
| | |||||
* | prosody.resolve_relative_path: Updated to take a parent path to resolve against. | Waqas Hussain | 2010-07-23 | 1 | -4/+5 |
| | |||||
* | Merge 0.7->trunk | Matthew Wild | 2010-07-23 | 1 | -2/+2 |
|\ | |||||
| * | certmanager: Don't disable LuaSec and future cert loading on failure, and ↵ | Matthew Wild | 2010-07-23 | 1 | -2/+3 |
| | | | | | | | | add error messages to the no LuaSec/config cases (thanks Jakob) | ||||
* | | Merge with backout | Matthew Wild | 2010-07-15 | 1 | -1/+1 |
|\ \ | |||||
| * | | Backed out changeset 598c33a99a31 (already fixed a better way) | Matthew Wild | 2010-07-15 | 1 | -1/+1 |
| | | | |||||
* | | | certmanager: Fix to handle the case of no SSL configuration at all | Matthew Wild | 2010-07-14 | 1 | -2/+2 |
| | | | |||||
* | | | certmanager: Added copyright header. | Waqas Hussain | 2010-07-15 | 1 | -0/+8 |
| | | | |||||
* | | | certmanager: Defined default_capath to prevent a global nil access. | Waqas Hussain | 2010-07-15 | 1 | -0/+1 |
|/ / | |||||
* | | certmanager: Use an empty table as the default ssl config when a global ↵ | Waqas Hussain | 2010-07-15 | 1 | -1/+1 |
| | | | | | | | | 'ssl' config option isn't specified (fixes a top-level traceback on startup). | ||||
* | | certmanager: Remove debug logging accidentally committed | Matthew Wild | 2010-07-13 | 1 | -2/+0 |
| | | |||||
* | | certmanager: Adjust paths of SSL key/certs to be relative to the config ↵ | Matthew Wild | 2010-07-13 | 1 | -38/+48 |
|/ | | | | file, fixes #147 | ||||
* | certmanager: Friendlier error reporting on OpenWRT and other cases where we ↵ | Matthew Wild | 2010-03-05 | 1 | -1/+3 |
| | | | | don't understand the OpenSSL error | ||||
* | certmanager: Fix nil global access (thanks Marc) | Matthew Wild | 2010-03-05 | 1 | -1/+1 |
| | |||||
* | certmanager: Fix global access | Matthew Wild | 2010-03-01 | 1 | -1/+1 |
| | |||||
* | Merge with 0.7 | Matthew Wild | 2010-02-13 | 1 | -1/+28 |
|\ | |||||
| * | certmanager: Bring back the friendly errors when failing to load the ↵ | Matthew Wild | 2010-02-13 | 1 | -1/+28 |
| | | | | | | | | key/certificate file | ||||
* | | certmanager, hostmanager: Rename get_context() to create_context() to be ↵ | Matthew Wild | 2010-02-13 | 1 | -1/+1 |
|/ | | | | more explicit about what it does | ||||
* | certmanager: Fix traceback with no LuaSec | Matthew Wild | 2010-02-05 | 1 | -1/+1 |
| |