Commit Graph

108 Commits (d3bdcaeda0e621f05abaa6c8a86b52dc20a02859)

Author SHA1 Message Date
Kim Alvefur 0158bad7ad certmanager: Set single curve conditioned on LuaSec advertising EC crypto support 8 years ago
Kim Alvefur b9005e7b8a certmanager: Filter out curves not supported by LuaSec 8 years ago
Kim Alvefur 0315d775b2 certmanager: Change table representing LuaSec capabilities to match capabilities table exposed in LuaSec 0.7 8 years ago
Kim Alvefur e1a94acbb9 core.certmanager: Set a default curveslist [sic], fixes #879, #943, #951 if used along with luasec 0.7 and openssl 1.1 8 years ago
Kim Alvefur 296e430244 prosodyctl: cert import: Reuse function from certmanager for locating certificates and keys 8 years ago
Matthew Wild 2ae9801ba6 certmanager: Add debug logging (thanks av6) 8 years ago
Kim Alvefur f65858dd27 certmanager: Update the 'certificates' option after the config has been reloaded (fixes #929) 9 years ago
Kim Alvefur 269b993aee core.certmanager: Translate "no start line" to something friendlier (thanks santiago) 9 years ago
Kim Alvefur b421c1992e core.certmanager: Split cipher list into array with comments explaining each part 9 years ago
Kim Alvefur 0e989e1401 certmanager: Assume default config path of '.' (fixes prosodyctl check certs when not installed) 10 years ago
Matthew Wild 71b31dde25 certmanager: Explicitly tonumber() version number segments before doing arithmetic and avoid relying on implicit coercion (thanks David Favro) 10 years ago
Matthew Wild 68d19b7be1 certmanager: Localize tonumber 10 years ago
Kim Alvefur ef1ad262f7 certmanager: Try filename.key if certificate is set to a full filename ending with .crt 10 years ago
Kim Alvefur 439a62a853 certmanager: Apply global ssl config later so certificate/key is not overwritten by magic 10 years ago
Matthew Wild e2b370c6bf certmanager: Support new certificate configuration for non-XMPP services too (fixes #614) 10 years ago
Kim Alvefur c32b0e36d6 core.certmanager: Look for certificate and key in a few different places 10 years ago
Kim Alvefur 14d22d84e4 core.certmanager: Remove non-string filenames (allows setting e.g. capath to false to disable the built in default) 10 years ago
Kim Alvefur 27265c20e2 core.*: Remove use of module() function 11 years ago
Kim Alvefur b7a38c8c93 certmanager: Fix compat for MattJ's old LuaSec fork 11 years ago
Kim Alvefur f715115939 certmanager: Fix previous commit 11 years ago
Kim Alvefur 664c92cdde certmanager: Limit certificate chain depth to 9 11 years ago
Kim Alvefur 3581c71067 certmanager: Options that appear to be available since LuaSec 0.2 11 years ago
Kim Alvefur bf57457852 certmanager: Improve "detection" of features that depend on LuaSec version 11 years ago
Kim Alvefur fb96020a96 certmanager: Add locals for ssl.context and ssl.x509 11 years ago
Kim Alvefur 7565573fec certmanager: Early return from the entire module if LuaSec is unavailable 11 years ago
Matthew Wild 186f9ee295 certmanager: Make global variable access explicit 11 years ago
Kim Alvefur 49ba0ce08d certmanager, mod_tls: Return final ssl config as third return value (fix for c6caaa440e74, portmanager assumes non-falsy second return value is an error) (thanks deoren) 11 years ago
Kim Alvefur 843afaf372 certmanager: Return final ssl config along with ssl context on success 11 years ago
Matthew Wild 26cd63e77f certmanager, net.http: Disable SSLv3 by default 11 years ago
Kim Alvefur 349d03f965 core.certmanager: Make create_context() support an arbitrary number of option sets, merging all 12 years ago
Kim Alvefur 40cbe58541 core.certmanager: Use util.sslconfig 12 years ago
Kim Alvefur 36b77bca8b core.certmanager, core.moduleapi, mod_storage_sql, mod_storage_sql2: Import from util.paths 12 years ago
Kim Alvefur 2b09f7cffb certmanager: Move ssl.protocol handling to after ssl.options is a table (thanks Ralph) 12 years ago
Kim Alvefur aa3344731d certmanager: Fix traceback if no global 'ssl' section set (thanks albert) 12 years ago
Kim Alvefur 42c69fe339 certmanager: Update ssl_compression when config is reloaded 12 years ago
Kim Alvefur 1d19874ae8 certmanager: Reformat core ssl defaults 12 years ago
Kim Alvefur 9f51849d63 certmanager: Support ssl.protocol syntax like "tlsv1+" that disables older protocols 12 years ago
Kim Alvefur 38b74a51ef certmanager: Merge ssl.options, verify etc from core defaults and global ssl settings with inheritance while allowing options to be disabled per virtualhost 12 years ago
Kim Alvefur a0daf05646 certmanager: Wrap long line and add comment 12 years ago
Kim Alvefur c2da2e47e1 certmanager: Concatenate cipher list if given as a table 12 years ago
Kim Alvefur cdf5ff9176 certmanager: Allow non-server contexts to be without certificate and key 12 years ago
Kim Alvefur 05d6f3e713 certmanager: Check for non-nil values instead of true-ish values, allows removing defaults 12 years ago
Matthew Wild 9609c710c6 certmanager: Further cipher string tweaking. Re-enable ciphers required for DSA and ECDH certs/keys. 12 years ago
Matthew Wild 1ee55840ff Back out 1b0ac7950129, as SSLv3 appears to still be in moderate use on the network. Also, although obsolete, SSLv3 isn't documented to have any weaknesses that TLS 1.0 (the most common version used today) doesn't also have. Get your act together clients! 12 years ago
Matthew Wild 07a71ad6aa certmanager: Update default cipher string to prefer forward-secrecy over cipher strength and to disable triple-DES (weaker and much slower than AES) 12 years ago
Matthew Wild dbf699af30 certmanager: Fix order of options, so that the dynamic option is at the end of the array 12 years ago
Matthew Wild 98221c3991 certmanager: Default to using the server's cipher preference order by default, as clients have been shown to commonly select weak and insecure ciphers even when they support stronger ones 12 years ago
Kim Alvefur 45ecf509ed certmanager: Disable SSLv3 by default 12 years ago
Kim Alvefur 4c2ea20af4 certmanager: Fix. Again. 12 years ago
Kim Alvefur 65931067bf certmanager: Add back single_dh_use and single_ecdh_use to default options (Zash breaks, Zash unbreaks) 12 years ago