prosody: Allow less secure ciphers for old clients

This extends SSL/TLS configuration for client connections to allow for a
set of additional ciphers over the current "intermediate" set of
defaults applied, in support of older clients.
Alex Palaistras 2022-03-22 22:02:33 +00:00
parent 9416ad71d8
commit 8d0a76a4f7


@ -184,6 +184,30 @@ turn_external_secret = os.getenv("PROSODY_TURN_SECRET") or ""
-- Location of directory to find certificates in (relative to main config file): -- Location of directory to find certificates in (relative to main config file):
certificates = "/etc/ssl/private/certificates" certificates = "/etc/ssl/private/certificates"
-- Allow TLS connections with additional, less secure ciphers, for compatibility with older clients.
ssl = {
protocol = "tlsv1_2+";
ciphers = {
"ECDHE-ECDSA-AES128-GCM-SHA256";
"ECDHE-RSA-AES128-GCM-SHA256";
"ECDHE-ECDSA-AES256-GCM-SHA384";
"ECDHE-RSA-AES256-GCM-SHA384";
"ECDHE-ECDSA-CHACHA20-POLY1305";
"ECDHE-RSA-CHACHA20-POLY1305";
"DHE-RSA-AES128-GCM-SHA256";
"DHE-RSA-AES256-GCM-SHA384";
"DHE-RSA-CHACHA20-POLY1305";
"ECDHE-ECDSA-AES128-SHA256";
"ECDHE-RSA-AES128-SHA256";
"ECDHE-ECDSA-AES128-SHA";
"ECDHE-RSA-AES128-SHA";
"ECDHE-ECDSA-AES256-SHA384";
"ECDHE-RSA-AES256-SHA384";
"ECDHE-ECDSA-AES256-SHA";
"ECDHE-RSA-AES256-SHA";
};
}
-- Listen on all interfaces for component connections. -- Listen on all interfaces for component connections.
component_interface = "0.0.0.0" component_interface = "0.0.0.0"
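Review bot: The new table is assigned to the global `ssl` option, so the CBC-mode suites at the end of `ciphers` (the `-SHA`, `-SHA256` and `-SHA384` entries without GCM) become acceptable on every TLS listener this config serves, not only on client connections as the commit description states. If only older clients need them, scoping the table as `c2s_ssl = {` instead of `ssl = {` would leave server-to-server links on the stricter defaults; confirm that the deployed Prosody version honours that option. The three `DHE-RSA-*` entries presumably also depend on DH parameters being configured, which this hunk does not show. A comment naming the clients that need the weaker suites, e.g. `-- TODO: drop CBC suites once <client name> is retired`, would make the list easier to prune later.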