
Commit cd9ff6b

committed
http/tls.lua: Add the old_cipher_list
Closes #112
1 parent a74462e commit cd9ff6b


3 files changed

+60
-0
lines changed


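--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,7 @@ UNRELEASED
 - Fix incorrect Sec-WebSocket-Protocol negotiation
 - Fix incorrect timeout handling in `websocket:receive()`
 - Add workaround to allow being required in openresty (#98)
+- Add http.tls.old_cipher_list (#112)
 
 
 0.2 - 2017-05-28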

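--- a/doc/modules/http.tls.md
+++ b/doc/modules/http.tls.md
@@ -24,6 +24,11 @@ The [Mozilla "Modern" cipher list](https://wiki.mozilla.org/Security/Server_Side
 The [Mozilla "Intermediate" cipher list](https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29) as a colon separated list, ready to pass to OpenSSL
 
 
+### `old_cipher_list` <!-- --> {#http.tls.old_cipher_list}
+
+The [Mozilla "Old" cipher list](https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility) as a colon separated list, ready to pass to OpenSSL
+
+
 ### `banned_ciphers` <!-- --> {#http.tls.banned_ciphers}
 
 A set (table with string keys and values of `true`) of the [ciphers banned in HTTP 2](https://http2.github.io/http2-spec/#BadCipherSuites) where the keys are OpenSSL cipher names.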

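--- a/http/tls.lua
+++ b/http/tls.lua
@@ -66,6 +66,59 @@ local intermediate_cipher_list = cipher_list {
 "!DSS";
 }
 
+-- "Old" cipher list
+local old_cipher_list = cipher_list {
+"ECDHE-ECDSA-CHACHA20-POLY1305";
+"ECDHE-RSA-CHACHA20-POLY1305";
+"ECDHE-RSA-AES128-GCM-SHA256";
+"ECDHE-ECDSA-AES128-GCM-SHA256";
+"ECDHE-RSA-AES256-GCM-SHA384";
+"ECDHE-ECDSA-AES256-GCM-SHA384";
+"DHE-RSA-AES128-GCM-SHA256";
+"DHE-DSS-AES128-GCM-SHA256";
+"kEDH+AESGCM";
+"ECDHE-RSA-AES128-SHA256";
+"ECDHE-ECDSA-AES128-SHA256";
+"ECDHE-RSA-AES128-SHA";
+"ECDHE-ECDSA-AES128-SHA";
+"ECDHE-RSA-AES256-SHA384";
+"ECDHE-ECDSA-AES256-SHA384";
+"ECDHE-RSA-AES256-SHA";
+"ECDHE-ECDSA-AES256-SHA";
+"DHE-RSA-AES128-SHA256";
+"DHE-RSA-AES128-SHA";
+"DHE-DSS-AES128-SHA256";
+"DHE-RSA-AES256-SHA256";
+"DHE-DSS-AES256-SHA";
+"DHE-RSA-AES256-SHA";
+"ECDHE-RSA-DES-CBC3-SHA";
+"ECDHE-ECDSA-DES-CBC3-SHA";
+"EDH-RSA-DES-CBC3-SHA";
+"AES128-GCM-SHA256";
+"AES256-GCM-SHA384";
+"AES128-SHA256";
+"AES256-SHA256";
+"AES128-SHA";
+"AES256-SHA";
+"AES";
+"DES-CBC3-SHA";
+"HIGH";
+"SEED";
+"!aNULL";
+"!eNULL";
+"!EXPORT";
+"!DES";
+"!RC4";
+"!MD5";
+"!PSK";
+"!RSAPSK";
+"!aDH";
+"!aECDH";
+"!EDH-DSS-DES-CBC3-SHA";
+"!KRB5-DES-CBC3-SHA";
+"!SRP";
+}
+
 -- A map from the cipher identifiers used in specifications to
 -- the identifiers used by OpenSSL.
 local spec_to_openssl = {
@@ -730,6 +783,7 @@ return {
 has_hostname_validation = has_hostname_validation;
 modern_cipher_list = modern_cipher_list;
 intermediate_cipher_list = intermediate_cipher_list;
+old_cipher_list = old_cipher_list;
 banned_ciphers = banned_ciphers;
 new_client_context = new_client_context;
 new_server_context = new_server_context;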
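Review bot: The new `old_cipher_list` in the first hunk of http/tls.lua is introduced only by `-- "Old" cipher list`, so a caller is not told that it enables 3DES (`DES-CBC3-SHA` and the ECDHE/EDH 3DES suites), `SEED`, CBC-with-SHA1 suites and static-RSA key exchange without forward secrecy. I would expand the comment to something like `-- "Old" cipher list: legacy-client compatibility only; enables 3DES, SEED and non-forward-secret RSA suites, prefer intermediate_cipher_list`, and repeat that sentence in doc/modules/http.tls.md next to the new entry. Many of these suites also fall in the HTTP/2 banned set that the docs describe for `banned_ciphers`, so it is worth confirming how a context built from this list behaves when h2 is negotiated, which these hunks do not show. The catch-all entries `AES`, `HIGH` and `kEDH+AESGCM` expand differently depending on the linked OpenSSL build, so the effective suite list should be checked against the deployed library, not read off this table.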
