certmanager: Further cipher string tweaking. Re-enable ciphers required for DSA and...

author Matthew Wild <mwild1@gmail.com>

Thu, 21 Nov 2013 02:11:09 +0000 (02:11 +0000)

committer Matthew Wild <mwild1@gmail.com>

Thu, 21 Nov 2013 02:11:09 +0000 (02:11 +0000)
author Matthew Wild <mwild1@gmail.com>
Thu, 21 Nov 2013 02:11:09 +0000 (02:11 +0000)
committer Matthew Wild <mwild1@gmail.com>
Thu, 21 Nov 2013 02:11:09 +0000 (02:11 +0000)
diff --git a/core/certmanager.lua b/core/certmanager.lua

index 976b0a885cd5d179b6e99a22de7d8ca581ed5ac8..d6784a968f68d16c2f7f840576df0fcfc7b63913 100644 (file)
--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -70,7 +70,7 @@ function create_context(host, mode, user_ssl_config)
                 options = user_ssl_config.options or default_options;
                 depth = user_ssl_config.depth;
                 curve = user_ssl_config.curve or "secp384r1";
-               ciphers = user_ssl_config.ciphers or "HIGH+kEDH:HIGH+kEECDH:HIGH+kRSA:!DSS:!3DES:!aNULL";
+               ciphers = user_ssl_config.ciphers or "HIGH+kEDH:HIGH+kEECDH:HIGH:!PSK:!SRP:!3DES:!aNULL";
                 dhparam = user_ssl_config.dhparam;
         };
author	Matthew Wild <mwild1@gmail.com>
	Thu, 21 Nov 2013 02:11:09 +0000 (02:11 +0000)
committer	Matthew Wild <mwild1@gmail.com>
	Thu, 21 Nov 2013 02:11:09 +0000 (02:11 +0000)