local luasec_version = luasec_major * 100 + luasec_minor;
local luasec_has = {
-- TODO If LuaSec ever starts exposing these things itself, use that instead
- cipher_server_preference = true;
+ cipher_server_preference = luasec_version >= 2;
no_ticket = luasec_version >= 4;
no_compression = luasec_version >= 5;
- single_dh_use = luasec_version >= 5;
- single_ecdh_use = luasec_version >= 5;
+ single_dh_use = luasec_version >= 2;
+ single_ecdh_use = luasec_version >= 2;
};
module "certmanager"
-- Built-in defaults
local core_defaults = {
capath = "/etc/ssl/certs";
+ depth = 9;
protocol = "tlsv1+";
verify = (ssl_x509 and { "peer", "client_once", }) or "none";
options = {
key = true, certificate = true, cafile = true, capath = true, dhparam = true
}
-if not luasec_has_verifyext and ssl_x509 then
+if luasec_version < 5 and ssl_x509 then
-- COMPAT mw/luasec-hg
for i=1,#core_defaults.verifyext do -- Remove lsec_ prefix
core_defaults.verify[#core_defaults.verify+1] = core_defaults.verifyext[i]:sub(6);