80 Commits (110fb5576b604fdff69dd7d6cedeec4fee7fe361)

Author SHA1 Message Date
Kim Alvefur 4dbcfd32b3 core.certmanager: Make create_context() support an arbitrary number of option sets, merging all 12 years ago
Kim Alvefur 851f3018e7 core.certmanager: Use util.sslconfig 12 years ago
Kim Alvefur e31991a773 core.certmanager, core.moduleapi, mod_storage_sql, mod_storage_sql2: Import from util.paths 12 years ago
Kim Alvefur 3674d93277 certmanager: Move ssl.protocol handling to after ssl.options is a table (thanks Ralph) 12 years ago
Kim Alvefur 84ab9b7805 certmanager: Fix traceback if no global 'ssl' section set (thanks albert) 12 years ago
Kim Alvefur c8e173e9c9 certmanager: Update ssl_compression when config is reloaded 12 years ago
Kim Alvefur 0f3d96bb85 certmanager: Reformat core ssl defaults 12 years ago
Kim Alvefur 7229a760a4 certmanager: Support ssl.protocol syntax like "tlsv1+" that disables older protocols 12 years ago
Kim Alvefur 01c2957f02 certmanager: Merge ssl.options, verify etc from core defaults and global ssl settings with inheritance while allowing options to be disabled per virtualhost 12 years ago
Kim Alvefur ff3d811e6a certmanager: Wrap long line and add comment 12 years ago
Kim Alvefur 6031d2cdfa certmanager: Concatenate cipher list if given as a table 12 years ago
Kim Alvefur a43c400bf8 certmanager: Allow non-server contexts to be without certificate and key 12 years ago
Kim Alvefur 5dc9451f0e certmanager: Check for non-nil values instead of true-ish values, allows removing defaults 12 years ago
Matthew Wild 2565ed535e certmanager: Further cipher string tweaking. Re-enable ciphers required for DSA and ECDH certs/keys. 12 years ago
Matthew Wild 5f4e34aa73 Back out 1b0ac7950129, as SSLv3 appears to still be in moderate use on the network. Also, although obsolete, SSLv3 isn't documented to have any weaknesses that TLS 1.0 (the most common version used today) doesn't also have. Get your act together clients! 12 years ago
Matthew Wild 67a543adb0 certmanager: Update default cipher string to prefer forward-secrecy over cipher strength and to disable triple-DES (weaker and much slower than AES) 12 years ago
Matthew Wild 84ab7c5628 certmanager: Fix order of options, so that the dynamic option is at the end of the array 12 years ago
Matthew Wild 9a43ef189a certmanager: Default to using the server's cipher preference order by default, as clients have been shown to commonly select weak and insecure ciphers even when they support stronger ones 12 years ago
Kim Alvefur 1527cd447a certmanager: Disable SSLv3 by default 12 years ago
Kim Alvefur ddab347165 certmanager: Fix. Again. 12 years ago
Kim Alvefur e9b5aeb4c3 certmanager: Add back single_dh_use and single_ecdh_use to default options (Zash breaks, Zash unbreaks) 12 years ago
Kim Alvefur dac7b39113 certmanager: Allow for specifying the dhparam option as a path to a file instead of a callback 13 years ago
Kim Alvefur 69e2fd5d81 certmanager: Fix dhparam callback, missing imports (Testing, pfft) 13 years ago
Kim Alvefur 99ab893457 certmanager: Allow for specifying the dhparam option as a path to a file instead of a callback 13 years ago
Matthew Wild 599f897c2a certmanager: Fix for working around a bug with LuaSec 0.4.1 that causes it to not honour the 'ciphers' option. This change will apply 0.9's default cipher string for LuaSec 0.4.1 users. 13 years ago
Florian Zeitz 4b618a8727 Remove all trailing whitespace 13 years ago
Matthew Wild a0093f80ff certmanager: Set our own default cipher string, which includes only ciphers regarded as 'HIGH' strength (by OpenSSL). In particular this disables RC4. 13 years ago
Matthew Wild 47a2577f26 certmanager: Add single_dh_use and single_ecdh_use to default options 13 years ago
Matthew Wild 442955c94c certmanager: Set ssl.curve to 'secp384r1' by default, to enable ECC ciphers 13 years ago
Matthew Wild b4884d7aab certmanager: Use 'curve' and 'dhparam' options from ssl config if present 13 years ago
Kim Alvefur 7c74e93345 certmanager: Complain if key or certificate is missing from SSL config. 13 years ago
Kim Alvefur 08dcde40f6 certmanager: Overhaul of how ssl configs are built. 13 years ago
Matthew Wild ce2b29fe49 certmanager: Disable SSL compression if possible (LuaSec 0.5 or 0.4.1+OpenSSL 1.x) 13 years ago
Kim Alvefur 75e786c1f0 core.*: Complete removal of all traces of the "core" section and section-related code. 13 years ago
Kim Alvefur e56d434e18 certmanager: Fix nil index if no LuaSec available 13 years ago
Kim Alvefur 71f54b16f9 core.certmanager: Add support for LuaSec 0.5. Also compat with MattJs luasec-hg 13 years ago
Matthew Wild ff043a930b certmanager: Remove unused import of setmetatable 14 years ago
Matthew Wild 386cb061d0 certmanager: Fix for traceback WITH LuaSec... (!) (thanks IRON) 14 years ago
Matthew Wild 75c4e5263d certmanager: Fix traceback for missing LuaSec (thanks Link Mauve) 14 years ago
Waqas Hussain b0dbc823ea certmanager: Add quotes around cert file path when logging. 14 years ago
Matthew Wild 425452286c certmanager: tonumber() (fix for 0b8134015635) 14 years ago
Matthew Wild 18369f2a72 certmanager: Don't use no_ticket option before LuaSec 0.4 14 years ago
Matthew Wild 14b50e4d76 certmanager: no_ticket is not a verification option (thanks Zash) 14 years ago
Matthew Wild 78933624f8 certmanager: Add no_ticket option for OpenSSL (we don't support resumption yet) 14 years ago
Matthew Wild b663c96ff9 certmanager: Adjust error messages to be non-specific about 'host' (so we can specify a service name instead for SSL) 14 years ago
Kim Alvefur c8279932bf core.certmanager: Log a message when a password is required but not supplied. fixes #214 14 years ago
Waqas Hussain 3071cfca09 certmanager: More informative logging. 14 years ago
Waqas Hussain 73e76838f3 certmanager: Support setting ciphers in SSL config. LuaSec apparently ignores the documented ciphers option. 15 years ago
Matthew Wild 1a9eab004c certmanager: Add required verify flags for cert verification if LuaSec (probably) supports them 15 years ago
Matthew Wild 385fd64606 prosody, configmanager, certmanager: Relocate prosody.resolve_relative_path() to configmanager, and update certmanager (the only user of this function) 15 years ago