From f0c2ed120130778f3a6ef59e41d1deb1667e9f3f Mon Sep 17 00:00:00 2001
From: Matthew Wild <mwild1@gmail.com>
Date: Tue, 11 May 2021 14:14:15 +0100
Subject: certmanager: Disable renegotiation by default

This requires LuaSec 0.7+ and OpenSSL 1.1.1+
---
 core/certmanager.lua | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'core')

diff --git a/core/certmanager.lua b/core/certmanager.lua
index b0c7039d..d8d07636 100644
--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -55,6 +55,7 @@ local luasec_has = ssl.config or softreq"ssl.config" or {
 		no_compression = test_option("no_compression");
 		single_dh_use = test_option("single_dh_use");
 		single_ecdh_use = test_option("single_ecdh_use");
+		no_renegotiation = test_option("no_renegotiation");
 	};
 };
 
@@ -119,6 +120,7 @@ local core_defaults = {
 		no_compression = luasec_has.options.no_compression and configmanager.get("*", "ssl_compression") ~= true;
 		single_dh_use = luasec_has.options.single_dh_use;
 		single_ecdh_use = luasec_has.options.single_ecdh_use;
+		no_renegotiation = luasec_has.options.no_renegotiation;
 	};
 	verifyext = { "lsec_continue", "lsec_ignore_purpose" };
 	curve = luasec_has.algorithms.ec and not luasec_has.capabilities.curves_list and "secp384r1";
-- 
cgit v1.2.3