Commit Graph

77 Commits (a39b07906f534a6fc85be2e70fe0aa4faac0cf4e)

Author SHA1 Message Date
Kim Alvefur 2b09f7cffb certmanager: Move ssl.protocol handling to after ssl.options is a table (thanks Ralph) 12 years ago
Kim Alvefur aa3344731d certmanager: Fix traceback if no global 'ssl' section set (thanks albert) 12 years ago
Kim Alvefur 42c69fe339 certmanager: Update ssl_compression when config is reloaded 12 years ago
Kim Alvefur 1d19874ae8 certmanager: Reformat core ssl defaults 12 years ago
Kim Alvefur 9f51849d63 certmanager: Support ssl.protocol syntax like "tlsv1+" that disables older protocols 12 years ago
Kim Alvefur 38b74a51ef certmanager: Merge ssl.options, verify etc from core defaults and global ssl settings with inheritance while allowing options to be disabled per virtualhost 12 years ago
Kim Alvefur a0daf05646 certmanager: Wrap long line and add comment 12 years ago
Kim Alvefur c2da2e47e1 certmanager: Concatenate cipher list if given as a table 12 years ago
Kim Alvefur cdf5ff9176 certmanager: Allow non-server contexts to be without certificate and key 12 years ago
Kim Alvefur 05d6f3e713 certmanager: Check for non-nil values instead of true-ish values, allows removing defaults 12 years ago
Matthew Wild 9609c710c6 certmanager: Further cipher string tweaking. Re-enable ciphers required for DSA and ECDH certs/keys. 12 years ago
Matthew Wild 1ee55840ff Back out 1b0ac7950129, as SSLv3 appears to still be in moderate use on the network. Also, although obsolete, SSLv3 isn't documented to have any weaknesses that TLS 1.0 (the most common version used today) doesn't also have. Get your act together clients! 12 years ago
Matthew Wild 07a71ad6aa certmanager: Update default cipher string to prefer forward-secrecy over cipher strength and to disable triple-DES (weaker and much slower than AES) 12 years ago
Matthew Wild dbf699af30 certmanager: Fix order of options, so that the dynamic option is at the end of the array 12 years ago
Matthew Wild 98221c3991 certmanager: Default to using the server's cipher preference order by default, as clients have been shown to commonly select weak and insecure ciphers even when they support stronger ones 12 years ago
Kim Alvefur 45ecf509ed certmanager: Disable SSLv3 by default 12 years ago
Kim Alvefur 4c2ea20af4 certmanager: Fix. Again. 12 years ago
Kim Alvefur 65931067bf certmanager: Add back single_dh_use and single_ecdh_use to default options (Zash breaks, Zash unbreaks) 12 years ago
Kim Alvefur 247c7be5c7 certmanager: Allow for specifying the dhparam option as a path to a file instead of a callback 13 years ago
Kim Alvefur 628910498b certmanager: Fix dhparam callback, missing imports (Testing, pfft) 13 years ago
Kim Alvefur 7f9fe6d4cd certmanager: Allow for specifying the dhparam option as a path to a file instead of a callback 13 years ago
Matthew Wild cf82f353b7 certmanager: Fix for working around a bug with LuaSec 0.4.1 that causes it to not honour the 'ciphers' option. This change will apply 0.9's default cipher string for LuaSec 0.4.1 users. 13 years ago
Florian Zeitz 1d833bb807 Remove all trailing whitespace 13 years ago
Matthew Wild 2840e0726a certmanager: Set our own default cipher string, which includes only ciphers regarded as 'HIGH' strength (by OpenSSL). In particular this disables RC4. 13 years ago
Matthew Wild 0aef21fc95 certmanager: Add single_dh_use and single_ecdh_use to default options 13 years ago
Matthew Wild 1290bf766c certmanager: Set ssl.curve to 'secp384r1' by default, to enable ECC ciphers 13 years ago
Matthew Wild 040187b661 certmanager: Use 'curve' and 'dhparam' options from ssl config if present 13 years ago
Kim Alvefur 0a3f580122 certmanager: Complain if key or certificate is missing from SSL config. 13 years ago
Kim Alvefur 2bf1a784c7 certmanager: Overhaul of how ssl configs are built. 13 years ago
Matthew Wild 840cf714cf certmanager: Disable SSL compression if possible (LuaSec 0.5 or 0.4.1+OpenSSL 1.x) 13 years ago
Kim Alvefur 1acfdf5914 core.*: Complete removal of all traces of the "core" section and section-related code. 13 years ago
Kim Alvefur ce6f0ac685 certmanager: Fix nil index if no LuaSec available 13 years ago
Kim Alvefur 4f4bc7973a core.certmanager: Add support for LuaSec 0.5. Also compat with MattJs luasec-hg 13 years ago
Matthew Wild badc4159d6 certmanager: Remove unused import of setmetatable 14 years ago
Matthew Wild d1da857c33 certmanager: Fix for traceback WITH LuaSec... (!) (thanks IRON) 14 years ago
Matthew Wild 9d5b5e9a91 certmanager: Fix traceback for missing LuaSec (thanks Link Mauve) 14 years ago
Waqas Hussain 93f062ef64 certmanager: Add quotes around cert file path when logging. 14 years ago
Matthew Wild dd4ba4d3ea certmanager: tonumber() (fix for 0b8134015635) 14 years ago
Matthew Wild 8bc1656f72 certmanager: Don't use no_ticket option before LuaSec 0.4 14 years ago
Matthew Wild 3faa06e9d4 certmanager: no_ticket is not a verification option (thanks Zash) 14 years ago
Matthew Wild 832a84b92b certmanager: Add no_ticket option for OpenSSL (we don't support resumption yet) 14 years ago
Matthew Wild dac159e422 certmanager: Adjust error messages to be non-specific about 'host' (so we can specify a service name instead for SSL) 14 years ago
Kim Alvefur e0762790fd core.certmanager: Log a message when a password is required but not supplied. fixes #214 14 years ago
Waqas Hussain 163e9d4bef certmanager: More informative logging. 14 years ago
Waqas Hussain c405d599c5 certmanager: Support setting ciphers in SSL config. LuaSec apparently ignores the documented ciphers option. 15 years ago
Matthew Wild 1a9eab004c certmanager: Add required verify flags for cert verification if LuaSec (probably) supports them 15 years ago
Matthew Wild 385fd64606 prosody, configmanager, certmanager: Relocate prosody.resolve_relative_path() to configmanager, and update certmanager (the only user of this function) 15 years ago
Matthew Wild c6045f3c70 certmanager, hostmanager, mod_tls: Move responsibility for creating per-host SSL contexts to mod_tls, meaning reloading certs is now as trivial as reloading mod_tls 15 years ago
Waqas Hussain b7e51a203d Monster whitespace commit (beware the whitespace monster). 15 years ago
Waqas Hussain 1cbe0cea9b prosody.resolve_relative_path: Updated to take a parent path to resolve against. 16 years ago