aboutsummaryrefslogtreecommitdiffstats
path: root/core/certmanager.lua
Commit message (Collapse)AuthorAgeFilesLines
* certmanager: Reformat core ssl defaultsKim Alvefur2014-04-151-9/+9
|
* certmanager: Support ssl.protocol syntax like "tlsv1+" that disables older ↵Kim Alvefur2014-04-151-2/+13
| | | | protocols
* certmanager: Merge ssl.options, verify etc from core defaults and global ssl ↵Kim Alvefur2014-04-151-0/+29
| | | | settings with inheritance while allowing options to be disabled per virtualhost
* certmanager: Wrap long line and add commentKim Alvefur2014-04-141-1/+5
|
* certmanager: Concatenate cipher list if given as a tableKim Alvefur2014-04-141-0/+6
|
* certmanager: Allow non-server contexts to be without certificate and keyKim Alvefur2014-04-141-2/+4
|
* certmanager: Check for non-nil values instead of true-ish values, allows ↵Kim Alvefur2014-04-141-2/+3
| | | | removing defaults
* Merge 0.9->0.10Matthew Wild2013-11-211-1/+1
|\
| * certmanager: Further cipher string tweaking. Re-enable ciphers required for ↵Matthew Wild2013-11-211-1/+1
| | | | | | | | DSA and ECDH certs/keys.
| * Back out 1b0ac7950129, as SSLv3 appears to still be in moderate use on the ↵Matthew Wild2013-11-121-1/+1
| | | | | | | | network. Also, although obsolete, SSLv3 isn't documented to have any weaknesses that TLS 1.0 (the most common version used today) doesn't also have. Get your act together clients!
* | Merge 0.9->0.10Matthew Wild2013-11-101-1/+1
|\|
| * certmanager: Update default cipher string to prefer forward-secrecy over ↵Matthew Wild2013-11-101-1/+1
| | | | | | | | cipher strength and to disable triple-DES (weaker and much slower than AES)
* | Merge 0.9->0.10Matthew Wild2013-11-091-1/+1
|\|
| * certmanager: Fix order of options, so that the dynamic option is at the end ↵Matthew Wild2013-11-091-1/+1
| | | | | | | | of the array
| * certmanager: Default to using the server's cipher preference order by ↵Matthew Wild2013-11-091-1/+1
| | | | | | | | default, as clients have been shown to commonly select weak and insecure ciphers even when they support stronger ones
* | Merge 0.9 -> 0.10Kim Alvefur2013-10-311-1/+1
|\|
| * certmanager: Disable SSLv3 by defaultKim Alvefur2013-10-311-1/+1
| |
| * certmanager: Fix dhparam callback, missing imports (Testing, pfft)0.9.1Kim Alvefur2013-09-031-3/+5
| |
| * certmanager: Allow for specifying the dhparam option as a path to a file ↵Kim Alvefur2013-09-031-0/+11
| | | | | | | | instead of a callback
| * certmanager: Fix for working around a bug with LuaSec 0.4.1 that causes it ↵Matthew Wild2013-09-031-4/+4
| | | | | | | | to not honour the 'ciphers' option. This change will apply 0.9's default cipher string for LuaSec 0.4.1 users.
* | certmanager: Fix. Again.Kim Alvefur2013-10-151-2/+2
| |
* | certmanager: Add back single_dh_use and single_ecdh_use to default options ↵Kim Alvefur2013-10-151-2/+6
| | | | | | | | (Zash breaks, Zash unbreaks)
* | certmanager: Allow for specifying the dhparam option as a path to a file ↵Kim Alvefur2013-09-031-2/+17
| | | | | | | | instead of a callback
* | Remove all trailing whitespaceFlorian Zeitz2013-08-091-1/+1
| |
* | Merge 0.9->trunkMatthew Wild2013-07-131-0/+1
|\|
| * certmanager: Set our own default cipher string, which includes only ciphers ↵Matthew Wild2013-07-131-0/+1
| | | | | | | | regarded as 'HIGH' strength (by OpenSSL). In particular this disables RC4.
* | certmanager: Overhaul of how ssl configs are built.Kim Alvefur2013-06-131-38/+45
| |
* | Merge 0.9->trunkMatthew Wild2013-06-131-0/+5
|\|
| * certmanager: Add single_dh_use and single_ecdh_use to default optionsMatthew Wild2013-06-131-0/+5
| |
* | Merge 0.9->trunkMatthew Wild2013-06-131-1/+1
|\|
| * certmanager: Set ssl.curve to 'secp384r1' by default, to enable ECC ciphersMatthew Wild2013-06-131-1/+1
| |
* | Merge 0.9->trunkMatthew Wild2013-06-111-0/+2
|\|
| * certmanager: Use 'curve' and 'dhparam' options from ssl config if presentMatthew Wild2013-06-111-0/+2
| |
* | certmanager: Complain if key or certificate is missing from SSL config.Kim Alvefur2013-06-071-0/+2
|/
* certmanager: Disable SSL compression if possible (LuaSec 0.5 or ↵Matthew Wild2013-05-221-1/+5
| | | | 0.4.1+OpenSSL 1.x)
* core.*: Complete removal of all traces of the "core" section and ↵Kim Alvefur2013-03-231-2/+2
| | | | section-related code.
* certmanager: Fix nil index if no LuaSec availableKim Alvefur2013-01-071-1/+1
|
* core.certmanager: Add support for LuaSec 0.5. Also compat with MattJs luasec-hgKim Alvefur2012-12-281-2/+12
|
* certmanager: Remove unused import of setmetatableMatthew Wild2012-07-231-1/+1
|
* certmanager: Fix for traceback WITH LuaSec... (!) (thanks IRON)Matthew Wild2012-07-231-2/+5
|
* certmanager: Fix traceback for missing LuaSec (thanks Link Mauve)Matthew Wild2012-07-231-2/+2
|
* certmanager: Add quotes around cert file path when logging.Waqas Hussain2012-06-121-1/+1
|
* certmanager: tonumber() (fix for 0b8134015635)Matthew Wild2012-05-191-1/+1
|
* certmanager: Don't use no_ticket option before LuaSec 0.4Matthew Wild2012-05-191-1/+4
|
* certmanager: no_ticket is not a verification option (thanks Zash)Matthew Wild2012-05-181-2/+2
|
* certmanager: Add no_ticket option for OpenSSL (we don't support resumption yet)Matthew Wild2012-05-181-1/+1
|
* certmanager: Adjust error messages to be non-specific about 'host' (so we ↵Matthew Wild2012-05-111-2/+2
| | | | can specify a service name instead ffor SSL)
* core.certmanager: Log a message when a password is required but not ↵Kim Alvefur2012-04-211-1/+1
| | | | supplied. fixes #214
* certmanager: More informative logging.Waqas Hussain2011-11-011-2/+2
|
* certmanager: Support setting ciphers in SSL config. LuaSec apparently ↵Waqas Hussain2011-08-251-1/+9
| | | | ignores the documented ciphers option.