From f0c2ed120130778f3a6ef59e41d1deb1667e9f3f Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Tue, 11 May 2021 14:14:15 +0100 Subject: certmanager: Disable renegotiation by default This requires LuaSec 0.7+ and OpenSSL 1.1.1+ --- core/certmanager.lua | 2 ++ 1 file changed, 2 insertions(+) diff --git a/core/certmanager.lua b/core/certmanager.lua index b0c7039d..d8d07636 100644 --- a/core/certmanager.lua +++ b/core/certmanager.lua @@ -55,6 +55,7 @@ local luasec_has = ssl.config or softreq"ssl.config" or { no_compression = test_option("no_compression"); single_dh_use = test_option("single_dh_use"); single_ecdh_use = test_option("single_ecdh_use"); + no_renegotiation = test_option("no_renegotiation"); }; }; @@ -119,6 +120,7 @@ local core_defaults = { no_compression = luasec_has.options.no_compression and configmanager.get("*", "ssl_compression") ~= true; single_dh_use = luasec_has.options.single_dh_use; single_ecdh_use = luasec_has.options.single_ecdh_use; + no_renegotiation = luasec_has.options.no_renegotiation; }; verifyext = { "lsec_continue", "lsec_ignore_purpose" }; curve = luasec_has.algorithms.ec and not luasec_has.capabilities.curves_list and "secp384r1"; -- cgit v1.2.3