mirror of
https://github.com/deuill/coreos-home-server.git
synced 2024-09-21 13:40:45 +00:00
prosody: Allow less secure ciphers for old clients
This extends SSL/TLS configuration for client connections to allow for a set of additional ciphers over the current "intermediate" set of defaults applied, in support of older clients.
This commit is contained in:
parent
9416ad71d8
commit
8d0a76a4f7
@ -184,6 +184,30 @@ turn_external_secret = os.getenv("PROSODY_TURN_SECRET") or ""
|
|||||||
-- Location of directory to find certificates in (relative to main config file):
|
-- Location of directory to find certificates in (relative to main config file):
|
||||||
certificates = "/etc/ssl/private/certificates"
|
certificates = "/etc/ssl/private/certificates"
|
||||||
|
|
||||||
|
-- Allow TLS connections with additional, less secure ciphers, for compatibility with older clients.
|
||||||
|
ssl = {
|
||||||
|
protocol = "tlsv1_2+";
|
||||||
|
ciphers = {
|
||||||
|
"ECDHE-ECDSA-AES128-GCM-SHA256";
|
||||||
|
"ECDHE-RSA-AES128-GCM-SHA256";
|
||||||
|
"ECDHE-ECDSA-AES256-GCM-SHA384";
|
||||||
|
"ECDHE-RSA-AES256-GCM-SHA384";
|
||||||
|
"ECDHE-ECDSA-CHACHA20-POLY1305";
|
||||||
|
"ECDHE-RSA-CHACHA20-POLY1305";
|
||||||
|
"DHE-RSA-AES128-GCM-SHA256";
|
||||||
|
"DHE-RSA-AES256-GCM-SHA384";
|
||||||
|
"DHE-RSA-CHACHA20-POLY1305";
|
||||||
|
"ECDHE-ECDSA-AES128-SHA256";
|
||||||
|
"ECDHE-RSA-AES128-SHA256";
|
||||||
|
"ECDHE-ECDSA-AES128-SHA";
|
||||||
|
"ECDHE-RSA-AES128-SHA";
|
||||||
|
"ECDHE-ECDSA-AES256-SHA384";
|
||||||
|
"ECDHE-RSA-AES256-SHA384";
|
||||||
|
"ECDHE-ECDSA-AES256-SHA";
|
||||||
|
"ECDHE-RSA-AES256-SHA";
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
-- Listen on all interfaces for component connections.
|
-- Listen on all interfaces for component connections.
|
||||||
component_interface = "0.0.0.0"
|
component_interface = "0.0.0.0"
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user