mirrors/prosody
1
0
Fork 0
mirror of https://github.com/bjc/prosody.git synced 2025-04-04 05:37:39 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

core.certmanager: Add TLS 1.3 cipher suites to Mozilla TLS presets

Browse source
This commit is contained in:
Kim Alvefur 2021-11-03 12:23:29 +01:00
parent d2ff803262
commit 99a73bdcf6
1 changed files with 7 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

8
core/certmanager.lua
View file

@ -248,11 +248,14 @@ local core_defaults = {
}
local mozilla_ssl_configs = {
-- As of 2019-12-22
-- https://wiki.mozilla.org/Security/Server_Side_TLS
-- As of 2021-11-03
modern = {
protocol = "tlsv1_3";
options = { cipher_server_preference = false };
ciphers = "DEFAULT"; -- TLS 1.3 uses 'ciphersuites' rather than these
curveslist = { "X25519"; "prime256v1"; "secp384r1" };
ciphersuites = { "TLS_AES_128_GCM_SHA256"; "TLS_AES_256_GCM_SHA384"; "TLS_CHACHA20_POLY1305_SHA256" };
};
intermediate = {
protocol = "tlsv1_2+";
@ -268,6 +271,8 @@ local mozilla_ssl_configs = {
"DHE-RSA-AES128-GCM-SHA256";
"DHE-RSA-AES256-GCM-SHA384";
};
curveslist = { "X25519"; "prime256v1"; "secp384r1" };
ciphersuites = { "TLS_AES_128_GCM_SHA256"; "TLS_AES_256_GCM_SHA384"; "TLS_CHACHA20_POLY1305_SHA256" };
};
old = {
protocol = "tlsv1+";
@ -301,6 +306,7 @@ local mozilla_ssl_configs = {
"AES256-SHA";
"DES-CBC3-SHA";
};
ciphersuites = { "TLS_AES_128_GCM_SHA256"; "TLS_AES_256_GCM_SHA384"; "TLS_CHACHA20_POLY1305_SHA256" };
};
};