certmanager: Further cipher string tweaking. Re-enable ciphers required for DSA and...
authorMatthew Wild <mwild1@gmail.com>
Thu, 21 Nov 2013 02:11:09 +0000 (02:11 +0000)
committerMatthew Wild <mwild1@gmail.com>
Thu, 21 Nov 2013 02:11:09 +0000 (02:11 +0000)
core/certmanager.lua

index 976b0a885cd5d179b6e99a22de7d8ca581ed5ac8..d6784a968f68d16c2f7f840576df0fcfc7b63913 100644 (file)
@@ -70,7 +70,7 @@ function create_context(host, mode, user_ssl_config)
                options = user_ssl_config.options or default_options;
                depth = user_ssl_config.depth;
                curve = user_ssl_config.curve or "secp384r1";
-               ciphers = user_ssl_config.ciphers or "HIGH+kEDH:HIGH+kEECDH:HIGH+kRSA:!DSS:!3DES:!aNULL";
+               ciphers = user_ssl_config.ciphers or "HIGH+kEDH:HIGH+kEECDH:HIGH:!PSK:!SRP:!3DES:!aNULL";
                dhparam = user_ssl_config.dhparam;
        };