54 Commits (5c1d94de1b67353da7e2c348379c8a8509a9e66a)

Author SHA1 Message Date
Matthew Wild 26cd63e77f certmanager, net.http: Disable SSLv3 by default 11 years ago
Matthew Wild 9609c710c6 certmanager: Further cipher string tweaking. Re-enable ciphers required for DSA and ECDH certs/keys. 12 years ago
Matthew Wild 1ee55840ff Back out 1b0ac7950129, as SSLv3 appears to still be in moderate use on the network. Also, although obsolete, SSLv3 isn't documented to have any weaknesses that TLS 1.0 (the most common version used today) doesn't also have. Get your act together clients! 12 years ago
Matthew Wild 07a71ad6aa certmanager: Update default cipher string to prefer forward-secrecy over cipher strength and to disable triple-DES (weaker and much slower than AES) 12 years ago
Matthew Wild dbf699af30 certmanager: Fix order of options, so that the dynamic option is at the end of the array 12 years ago
Matthew Wild 98221c3991 certmanager: Default to using the server's cipher preference order by default, as clients have been shown to commonly select weak and insecure ciphers even when they support stronger ones 12 years ago
Kim Alvefur 45ecf509ed certmanager: Disable SSLv3 by default 12 years ago
Kim Alvefur 628910498b certmanager: Fix dhparam callback, missing imports (Testing, pfft) 13 years ago
Kim Alvefur 7f9fe6d4cd certmanager: Allow for specifying the dhparam option as a path to a file instead of a callback 13 years ago
Matthew Wild cf82f353b7 certmanager: Fix for working around a bug with LuaSec 0.4.1 that causes it to not honour the 'ciphers' option. This change will apply 0.9's default cipher string for LuaSec 0.4.1 users. 13 years ago
Matthew Wild 2840e0726a certmanager: Set our own default cipher string, which includes only ciphers regarded as 'HIGH' strength (by OpenSSL). In particular this disables RC4. 13 years ago
Matthew Wild 0aef21fc95 certmanager: Add single_dh_use and single_ecdh_use to default options 13 years ago
Matthew Wild 1290bf766c certmanager: Set ssl.curve to 'secp384r1' by default, to enable ECC ciphers 13 years ago
Matthew Wild 040187b661 certmanager: Use 'curve' and 'dhparam' options from ssl config if present 13 years ago
Matthew Wild 840cf714cf certmanager: Disable SSL compression if possible (LuaSec 0.5 or 0.4.1+OpenSSL 1.x) 13 years ago
Kim Alvefur 1acfdf5914 core.*: Complete removal of all traces of the "core" section and section-related code. 13 years ago
Kim Alvefur ce6f0ac685 certmanager: Fix nil index if no LuaSec available 13 years ago
Kim Alvefur 4f4bc7973a core.certmanager: Add support for LuaSec 0.5. Also compat with MattJs luasec-hg 13 years ago
Matthew Wild badc4159d6 certmanager: Remove unused import of setmetatable 14 years ago
Matthew Wild d1da857c33 certmanager: Fix for traceback WITH LuaSec... (!) (thanks IRON) 14 years ago
Matthew Wild 9d5b5e9a91 certmanager: Fix traceback for missing LuaSec (thanks Link Mauve) 14 years ago
Waqas Hussain 93f062ef64 certmanager: Add quotes around cert file path when logging. 14 years ago
Matthew Wild dd4ba4d3ea certmanager: tonumber() (fix for 0b8134015635) 14 years ago
Matthew Wild 8bc1656f72 certmanager: Don't use no_ticket option before LuaSec 0.4 14 years ago
Matthew Wild 3faa06e9d4 certmanager: no_ticket is not a verification option (thanks Zash) 14 years ago
Matthew Wild 832a84b92b certmanager: Add no_ticket option for OpenSSL (we don't support resumption yet) 14 years ago
Matthew Wild dac159e422 certmanager: Adjust error messages to be non-specific about 'host' (so we can specify a service name instead for SSL) 14 years ago
Kim Alvefur e0762790fd core.certmanager: Log a message when a password is required but not supplied. fixes #214 14 years ago
Waqas Hussain 163e9d4bef certmanager: More informative logging. 14 years ago
Waqas Hussain c405d599c5 certmanager: Support setting ciphers in SSL config. LuaSec apparently ignores the documented ciphers option. 15 years ago
Matthew Wild 1a9eab004c certmanager: Add required verify flags for cert verification if LuaSec (probably) supports them 15 years ago
Matthew Wild 385fd64606 prosody, configmanager, certmanager: Relocate prosody.resolve_relative_path() to configmanager, and update certmanager (the only user of this function) 15 years ago
Matthew Wild c6045f3c70 certmanager, hostmanager, mod_tls: Move responsibility for creating per-host SSL contexts to mod_tls, meaning reloading certs is now as trivial as reloading mod_tls 15 years ago
Waqas Hussain b7e51a203d Monster whitespace commit (beware the whitespace monster). 15 years ago
Waqas Hussain 1cbe0cea9b prosody.resolve_relative_path: Updated to take a parent path to resolve against. 16 years ago
Matthew Wild bb6d7b0d22 certmanager: Don't disable LuaSec and future cert loading on failure, and add error messages to the no LuaSec/config cases (thanks Jakob) 16 years ago
Matthew Wild 1ec1d76bf9 Backed out changeset 598c33a99a31 (already fixed a better way) 16 years ago
Waqas Hussain cf0bd27f7c certmanager: Use an empty table as the default ssl config when a global 'ssl' config option isn't specified (fixes a top-level traceback on startup). 16 years ago
Matthew Wild b3416f9848 certmanager: Fix to handle the case of no SSL configuration at all 16 years ago
Waqas Hussain 128f9755b7 certmanager: Added copyright header. 16 years ago
Waqas Hussain bbbad88859 certmanager: Defined default_capath to prevent a global nil access. 16 years ago
Matthew Wild e5aa3b5432 certmanager: Remove debug logging accidentally committed 16 years ago
Matthew Wild 2ffddaad84 certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147 16 years ago
Matthew Wild 1967ba02a5 certmanager: Friendlier error reporting on OpenWRT and other cases where we don't understand the OpenSSL error 16 years ago
Matthew Wild 0851470da3 certmanager: Fix nil global access (thanks Marc) 16 years ago
Matthew Wild c91f1d7494 certmanager: Fix global access 16 years ago
Matthew Wild f6063e31eb certmanager: Bring back the friendly errors when failing to load the key/certificate file 16 years ago
Matthew Wild cec65108c9 certmanager, hostmanager: Rename get_context() to create_context() to be more explicit about what it does 16 years ago
Matthew Wild efae77c493 certmanager: Fix traceback with no LuaSec 16 years ago
Matthew Wild 445c0cec5f certmanager: Tabs not spaces! 16 years ago