From 3b2c39901a24d660aaf3d220448d8a49df5c6fcf Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 16 Sep 2021 09:52:51 +0200 Subject: core.certmanager: Disable DANE name checks (not needed for XMPP) Pending https://github.com/brunoos/luasec/pull/179 Should not be done globally, but rather only for s2sout, but that would have to be in mod_tls then. --- core/certmanager.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'core') diff --git a/core/certmanager.lua b/core/certmanager.lua index efb01d50..bde98621 100644 --- a/core/certmanager.lua +++ b/core/certmanager.lua @@ -251,7 +251,7 @@ local core_defaults = { "!3DES", -- 3DES - slow and of questionable security "!aNULL", -- Ciphers that does not authenticate the connection }; - dane = configmanager.get("*", "use_dane"); + dane = luasec_has.capabilities.dane and configmanager.get("*", "use_dane") and { "no_ee_namechecks" }; } local mozilla_ssl_configs = { -- cgit v1.2.3