mirror of
https://github.com/deuill/coreos-home-server.git
synced 2024-09-21 05:30:45 +00:00
prosody: Allow less secure ciphers for old clients
This extends SSL/TLS configuration for client connections to allow for a set of additional ciphers over the current "intermediate" set of defaults applied, in support of older clients.
This commit is contained in:
parent
9416ad71d8
commit
8d0a76a4f7
@ -184,6 +184,30 @@ turn_external_secret = os.getenv("PROSODY_TURN_SECRET") or ""
|
||||
-- Location of directory to find certificates in (relative to main config file):
|
||||
certificates = "/etc/ssl/private/certificates"
|
||||
|
||||
-- Allow TLS connections with additional, less secure ciphers, for compatibility with older clients.
|
||||
ssl = {
|
||||
protocol = "tlsv1_2+";
|
||||
ciphers = {
|
||||
"ECDHE-ECDSA-AES128-GCM-SHA256";
|
||||
"ECDHE-RSA-AES128-GCM-SHA256";
|
||||
"ECDHE-ECDSA-AES256-GCM-SHA384";
|
||||
"ECDHE-RSA-AES256-GCM-SHA384";
|
||||
"ECDHE-ECDSA-CHACHA20-POLY1305";
|
||||
"ECDHE-RSA-CHACHA20-POLY1305";
|
||||
"DHE-RSA-AES128-GCM-SHA256";
|
||||
"DHE-RSA-AES256-GCM-SHA384";
|
||||
"DHE-RSA-CHACHA20-POLY1305";
|
||||
"ECDHE-ECDSA-AES128-SHA256";
|
||||
"ECDHE-RSA-AES128-SHA256";
|
||||
"ECDHE-ECDSA-AES128-SHA";
|
||||
"ECDHE-RSA-AES128-SHA";
|
||||
"ECDHE-ECDSA-AES256-SHA384";
|
||||
"ECDHE-RSA-AES256-SHA384";
|
||||
"ECDHE-ECDSA-AES256-SHA";
|
||||
"ECDHE-RSA-AES256-SHA";
|
||||
};
|
||||
}
|
||||
|
||||
-- Listen on all interfaces for component connections.
|
||||
component_interface = "0.0.0.0"
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user