certmanager: Update default cipher string to prefer forward-secrecy over cipher stren...
authorMatthew Wild <mwild1@gmail.com>
Sun, 10 Nov 2013 18:46:48 +0000 (18:46 +0000)
committerMatthew Wild <mwild1@gmail.com>
Sun, 10 Nov 2013 18:46:48 +0000 (18:46 +0000)
core/certmanager.lua

index 0503f40e903efe82edf28a386c3e52ac337d92ec..1a8da6a618b91cbaaab8a56a0fcf2ec84c5c7d57 100644 (file)
@@ -70,7 +70,7 @@ function create_context(host, mode, user_ssl_config)
                options = user_ssl_config.options or default_options;
                depth = user_ssl_config.depth;
                curve = user_ssl_config.curve or "secp384r1";
-               ciphers = user_ssl_config.ciphers or "HIGH:!DSS:!aNULL@STRENGTH";
+               ciphers = user_ssl_config.ciphers or "HIGH+kEDH:HIGH+kEECDH:HIGH+kRSA:!DSS:!3DES:!aNULL";
                dhparam = user_ssl_config.dhparam;
        };
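Review bot: The new default on the `ciphers` line expresses forward secrecy only through ordering (DHE, then ECDHE, then plain RSA key exchange), and OpenSSL honours the server's order only when the context sets the `cipher_server_preference` option. Without it the client's list decides, so a client that puts RSA key exchange first still negotiates a suite without forward secrecy. Whether `default_options` contains that flag is not visible in this hunk, and a user-supplied `options` table replaces the defaults wholesale, so I would confirm it and document the dependency with a comment above the line, e.g. `-- order is the preference (DHE, ECDHE, RSA); only enforced with "cipher_server_preference" in options`. The DHE group is listed first but `dhparam` on the following line has no fallback, so which parameters those suites use, or whether they are offered at all, presumably depends on LuaSec/OpenSSL defaults and is worth checking. create_context begins and ends outside the hunk.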