certmanager: Update default cipher string to prefer forward-secrecy over cipher stren...

author Matthew Wild <mwild1@gmail.com>

Sun, 10 Nov 2013 18:46:48 +0000 (18:46 +0000)

committer Matthew Wild <mwild1@gmail.com>

Sun, 10 Nov 2013 18:46:48 +0000 (18:46 +0000)
author Matthew Wild <mwild1@gmail.com>
Sun, 10 Nov 2013 18:46:48 +0000 (18:46 +0000)
committer Matthew Wild <mwild1@gmail.com>
Sun, 10 Nov 2013 18:46:48 +0000 (18:46 +0000)
diff --git a/core/certmanager.lua b/core/certmanager.lua

index 0503f40e903efe82edf28a386c3e52ac337d92ec..1a8da6a618b91cbaaab8a56a0fcf2ec84c5c7d57 100644 (file)
--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -70,7 +70,7 @@ function create_context(host, mode, user_ssl_config)
                 options = user_ssl_config.options or default_options;
                 depth = user_ssl_config.depth;
                 curve = user_ssl_config.curve or "secp384r1";
-               ciphers = user_ssl_config.ciphers or "HIGH:!DSS:!aNULL@STRENGTH";
+               ciphers = user_ssl_config.ciphers or "HIGH+kEDH:HIGH+kEECDH:HIGH+kRSA:!DSS:!3DES:!aNULL";
                 dhparam = user_ssl_config.dhparam;
         };
author	Matthew Wild <mwild1@gmail.com>
	Sun, 10 Nov 2013 18:46:48 +0000 (18:46 +0000)
committer	Matthew Wild <mwild1@gmail.com>
	Sun, 10 Nov 2013 18:46:48 +0000 (18:46 +0000)