cosmopolitan/tool
Justine Tunney 53b9f83e1c Make redbean SSL more tunable
This change enables SSL compression. It significantly reduces the
network load of the testing infrastructure, for free, since this
revision didn't need to change any runit protocol code. However we
turn it off by default in redbean since no browsers support it.

It turns out that some TLSv1.0 clients (e.g. curl command on RHEL5) will
send an SSLv2-style ClientHello. These types of clients are usually ten+
years old and were designed to interop with servers ten years older than
them. Your redbean is now able to interop with these clients even though
redbean doesn't actually support SSLv2 or SSLv3. Please note that the -B
flag may be passed to disable this along with TLSv1.0, TLSv1.1, 3DES, &c

The following Lua APIs have been added to redbean:

  - ProgramSslCompression(bool)
  - ProgramSslCiphersuite(name:str)
  - ProgramSslPresharedKey(key:str,identity:str)

Lastly the DHE ciphersuites have been enabled. IANA recommends DHE and
with old clients like RHEL5 it's the only perfect forward secrecy they
implement.
2021-08-09 07:38:57 -07:00
..
build Fix build and delete superfluous files 2021-08-09 06:57:14 -07:00
decode Make redbean SSL more tunable 2021-08-09 07:38:57 -07:00
emacs Add SNI support to redbean and improve SSL perf 2021-07-23 13:56:13 -07:00
hash Remove more nonstandard stuff from cosmopolitan.h 2021-03-01 00:18:23 -08:00
net Make redbean SSL more tunable 2021-08-09 07:38:57 -07:00
scripts Get codebase completely working with LLVM 2021-02-09 02:57:32 -08:00
viz Add function for creating hex string literals 2021-08-07 07:05:19 -07:00
tool.mk Make Cosmopolitan ANSI C89 compatible 2021-02-03 17:48:59 -08:00