Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | certmanager: Move ssl.protocol handling to after ssl.options is a table ↵ | Kim Alvefur | 2014-04-21 | 1 | -8/+9 |
| | | | | (thanks Ralph) | ||||
* | certmanager: Fix traceback if no global 'ssl' section set (thanks albert) | Kim Alvefur | 2014-04-20 | 1 | -1/+3 |
| | |||||
* | certmanager: Update ssl_compression when config is reloaded | Kim Alvefur | 2014-04-15 | 1 | -0/+3 |
| | |||||
* | certmanager: Reformat core ssl defaults | Kim Alvefur | 2014-04-15 | 1 | -9/+9 |
| | |||||
* | certmanager: Support ssl.protocol syntax like "tlsv1+" that disables older ↵ | Kim Alvefur | 2014-04-15 | 1 | -2/+13 |
| | | | | protocols | ||||
* | certmanager: Merge ssl.options, verify etc from core defaults and global ssl ↵ | Kim Alvefur | 2014-04-15 | 1 | -0/+29 |
| | | | | settings with inheritance while allowing options to be disabled per virtualhost | ||||
* | certmanager: Wrap long line and add comment | Kim Alvefur | 2014-04-14 | 1 | -1/+5 |
| | |||||
* | certmanager: Concatenate cipher list if given as a table | Kim Alvefur | 2014-04-14 | 1 | -0/+6 |
| | |||||
* | certmanager: Allow non-server contexts to be without certificate and key | Kim Alvefur | 2014-04-14 | 1 | -2/+4 |
| | |||||
* | certmanager: Check for non-nil values instead of true-ish values, allows ↵ | Kim Alvefur | 2014-04-14 | 1 | -2/+3 |
| | | | | removing defaults | ||||
* | Merge 0.9->0.10 | Matthew Wild | 2014-04-02 | 13 | -132/+150 |
|\ | |||||
| * | Merge 0.9->0.10 | Kim Alvefur | 2014-03-25 | 1 | -1/+1 |
| |\ | |||||
| * | | modulemanager: Always load a platform-specific module, add stub modules for ↵ | Kim Alvefur | 2014-01-26 | 1 | -1/+1 |
| | | | | | | | | | | | | Windows and unknown platforms | ||||
| * | | Merge 0.9->0.10 | Matthew Wild | 2013-11-21 | 1 | -1/+1 |
| |\ \ | |||||
| * \ \ | Merge 0.9->0.10 | Matthew Wild | 2013-11-10 | 1 | -1/+1 |
| |\ \ \ | |||||
| * \ \ \ | Merge 0.9->0.10 | Matthew Wild | 2013-11-09 | 1 | -1/+1 |
| |\ \ \ \ | |||||
| * \ \ \ \ | Merge 0.9 -> 0.10 | Kim Alvefur | 2013-10-31 | 1 | -1/+1 |
| |\ \ \ \ \ | |||||
| * | | | | | | certmanager: Fix. Again. | Kim Alvefur | 2013-10-15 | 1 | -2/+2 |
| | | | | | | | |||||
| * | | | | | | certmanager: Add back single_dh_use and single_ecdh_use to default options ↵ | Kim Alvefur | 2013-10-15 | 1 | -2/+6 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | (Zash breaks, Zash unbreaks) | ||||
| * | | | | | | moduleapi: Add module:unhook() | Matthew Wild | 2013-09-16 | 1 | -0/+4 |
| | | | | | | | |||||
| * | | | | | | certmanager: Allow for specifying the dhparam option as a path to a file ↵ | Kim Alvefur | 2013-09-03 | 1 | -2/+17 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | instead of a callback | ||||
| * | | | | | | Merge 0.9->trunk | Matthew Wild | 2013-09-03 | 1 | -1/+1 |
| |\ \ \ \ \ \ | |||||
| * | | | | | | | usermanager: Remove unused import of pairs() | Matthew Wild | 2013-08-13 | 1 | -1/+0 |
| | | | | | | | | |||||
| * | | | | | | | Remove all trailing whitespace | Florian Zeitz | 2013-08-09 | 13 | -86/+86 |
| | | | | | | | | |||||
| * | | | | | | | moduleapi: module:get_host_type() now returns 'global' for * and 'local' for ↵ | Matthew Wild | 2013-08-06 | 1 | -1/+1 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | non-components | ||||
| * | | | | | | | rostermanager, mod_groups: Change roster-load event to pass an event table ↵ | Matthew Wild | 2013-07-15 | 1 | -1/+1 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | for consistency | ||||
| * | | | | | | | Merge 0.9->trunk | Matthew Wild | 2013-07-13 | 1 | -0/+1 |
| |\ \ \ \ \ \ \ | |||||
| * | | | | | | | | certmanager: Overhaul of how ssl configs are built. | Kim Alvefur | 2013-06-13 | 1 | -38/+45 |
| | | | | | | | | | |||||
| * | | | | | | | | Merge 0.9->trunk | Matthew Wild | 2013-06-13 | 1 | -0/+5 |
| |\ \ \ \ \ \ \ \ | |||||
| * \ \ \ \ \ \ \ \ | Merge 0.9->trunk | Matthew Wild | 2013-06-13 | 1 | -1/+1 |
| |\ \ \ \ \ \ \ \ \ | |||||
| * \ \ \ \ \ \ \ \ \ | Merge 0.9->trunk | Matthew Wild | 2013-06-11 | 1 | -0/+2 |
| |\ \ \ \ \ \ \ \ \ \ | |||||
| * | | | | | | | | | | | certmanager: Complain if key or certificate is missing from SSL config. | Kim Alvefur | 2013-06-07 | 1 | -0/+2 |
| | | | | | | | | | | | | |||||
* | | | | | | | | | | | | portmanager: Make maximum read size configurable, and default to 4KB | Matthew Wild | 2014-03-30 | 1 | -1/+3 |
| |_|_|_|_|_|_|_|_|_|/ |/| | | | | | | | | | | |||||
* | | | | | | | | | | | modulemanager: Load mod_saslauth on components by default | Kim Alvefur | 2014-03-22 | 1 | -1/+1 |
| |_|_|_|_|_|_|_|_|/ |/| | | | | | | | | | |||||
* | | | | | | | | | | certmanager: Further cipher string tweaking. Re-enable ciphers required for ↵ | Matthew Wild | 2013-11-21 | 1 | -1/+1 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | DSA and ECDH certs/keys. | ||||
* | | | | | | | | | | Back out 1b0ac7950129, as SSLv3 appears to still be in moderate use on the ↵ | Matthew Wild | 2013-11-12 | 1 | -1/+1 |
| |_|_|_|_|_|_|_|/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | network. Also, although obsolete, SSLv3 isn't documented to have any weaknesses that TLS 1.0 (the most common version used today) doesn't also have. Get your act together clients! | ||||
* | | | | | | | | | certmanager: Update default cipher string to prefer forward-secrecy over ↵ | Matthew Wild | 2013-11-10 | 1 | -1/+1 |
| |_|_|_|_|_|_|/ |/| | | | | | | | | | | | | | | | | | | | | | | | cipher strength and to disable triple-DES (weaker and much slower than AES) | ||||
* | | | | | | | | certmanager: Fix order of options, so that the dynamic option is at the end ↵ | Matthew Wild | 2013-11-09 | 1 | -1/+1 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | of the array | ||||
* | | | | | | | | certmanager: Default to using the server's cipher preference order by ↵ | Matthew Wild | 2013-11-09 | 1 | -1/+1 |
| |_|_|_|_|_|/ |/| | | | | | | | | | | | | | | | | | | | | default, as clients have been shown to commonly select weak and insecure ciphers even when they support stronger ones | ||||
* | | | | | | | certmanager: Disable SSLv3 by default | Kim Alvefur | 2013-10-31 | 1 | -1/+1 |
| | | | | | | | |||||
* | | | | | | | certmanager: Fix dhparam callback, missing imports (Testing, pfft) | Kim Alvefur | 2013-09-03 | 1 | -3/+5 |
| | | | | | | | |||||
* | | | | | | | certmanager: Allow for specifying the dhparam option as a path to a file ↵ | Kim Alvefur | 2013-09-03 | 1 | -0/+11 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | instead of a callback | ||||
* | | | | | | | certmanager: Fix for working around a bug with LuaSec 0.4.1 that causes it ↵ | Matthew Wild | 2013-09-03 | 1 | -4/+4 |
| |_|_|_|_|/ |/| | | | | | | | | | | | | | | | | | to not honour the 'ciphers' option. This change will apply 0.9's default cipher string for LuaSec 0.4.1 users. | ||||
* | | | | | | configmanager: Fix checking of absolute paths on Windows | Kim Alvefur | 2013-08-30 | 1 | -1/+1 |
| |_|_|_|/ |/| | | | | |||||
* | | | | | certmanager: Set our own default cipher string, which includes only ciphers ↵ | Matthew Wild | 2013-07-13 | 1 | -0/+1 |
| |_|_|/ |/| | | | | | | | | | | | regarded as 'HIGH' strength (by OpenSSL). In particular this disables RC4. | ||||
* | | | | certmanager: Add single_dh_use and single_ecdh_use to default options | Matthew Wild | 2013-06-13 | 1 | -0/+5 |
| |_|/ |/| | | |||||
* | | | certmanager: Set ssl.curve to 'secp384r1' by default, to enable ECC ciphers | Matthew Wild | 2013-06-13 | 1 | -1/+1 |
| |/ |/| | |||||
* | | certmanager: Use 'curve' and 'dhparam' options from ssl config if present | Matthew Wild | 2013-06-11 | 1 | -0/+2 |
|/ | |||||
* | certmanager: Disable SSL compression if possible (LuaSec 0.5 or ↵ | Matthew Wild | 2013-05-22 | 1 | -1/+5 |
| | | | | 0.4.1+OpenSSL 1.x) | ||||
* | portmanager: Also include the interface the service is listening on | Kim Alvefur | 2013-04-29 | 1 | -1/+1 |
| |