From 23512ecccc3536188e59bebd153c6d44fb4c3c10 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 27 Sep 2017 15:45:07 +0200 Subject: core.certmanager: Set a default curveslist [sic], fixes #879, #943, #951 if used along with luasec 0.7 and openssl 1.1 --- core/certmanager.lua | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/core/certmanager.lua b/core/certmanager.lua index 73b346c3..2be66a21 100644 --- a/core/certmanager.lua +++ b/core/certmanager.lua @@ -107,6 +107,12 @@ local core_defaults = { }; verifyext = { "lsec_continue", "lsec_ignore_purpose" }; curve = "secp384r1"; + curveslist = { + "X25519", + "P-384", + "P-256", + "P-521", + }; ciphers = { -- Enabled ciphers in order of preference: "HIGH+kEDH", -- Ephemeral Diffie-Hellman key exchange, if a 'dhparam' file is set "HIGH+kEECDH", -- Ephemeral Elliptic curve Diffie-Hellman key exchange -- cgit v1.2.3