Mercurial Mercurial > prosody > prosody / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
certmanager: Disable renegotiation by default 0.11
authorMatthew Wild <mwild1@gmail.com>
Tue, 11 May 2021 14:14:15 +0100
branch0.11
changeset 11555 aaf9c6b6d18d
parent 11554 929de6ade6b6
child 11556 d4b735272a61
certmanager: Disable renegotiation by default This requires LuaSec 0.7+ and OpenSSL 1.1.1+
core/certmanager.lua file | annotate | diff | comparison | revisions 
--- a/core/certmanager.lua	Tue May 11 14:10:26 2021 +0100
+++ b/core/certmanager.lua	Tue May 11 14:14:15 2021 +0100
@@ -55,6 +55,7 @@
 		no_compression = test_option("no_compression");
 		single_dh_use = test_option("single_dh_use");
 		single_ecdh_use = test_option("single_ecdh_use");
+		no_renegotiation = test_option("no_renegotiation");
 	};
 };
 
@@ -119,6 +120,7 @@
 		no_compression = luasec_has.options.no_compression and configmanager.get("*", "ssl_compression") ~= true;
 		single_dh_use = luasec_has.options.single_dh_use;
 		single_ecdh_use = luasec_has.options.single_ecdh_use;
+		no_renegotiation = luasec_has.options.no_renegotiation;
 	};
 	verifyext = { "lsec_continue", "lsec_ignore_purpose" };
 	curve = luasec_has.algorithms.ec and not luasec_has.capabilities.curves_list and "secp384r1";
prosody