author | Matthew Wild <mwild1@gmail.com> | 2013-11-10 18:46:48 +0000 |
---|---|---|
committer | Matthew Wild <mwild1@gmail.com> | 2013-11-10 18:46:48 +0000 |
commit | b86345f7f761113d5c7a32e588d15e3e2d0a995a (patch) | |
tree | ff971b23e03bf24b165220a41b8efb650821d7f3 | |
parent | 748bbf70cd22c0dee6081957885b8f5a40b6b56f (diff) | |
certmanager: Update default cipher string to prefer forward-secrecy over cipher strength and to disable triple-DES (weaker and much slower than AES)
-rw-r--r-- | core/certmanager.lua | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/core/certmanager.lua b/core/certmanager.lua
index 0503f40e..1a8da6a6 100644
--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -70,7 +70,7 @@ function create_context(host, mode, user_ssl_config)
 options = user_ssl_config.options or default_options;
 depth = user_ssl_config.depth;
 curve = user_ssl_config.curve or "secp384r1";
- ciphers = user_ssl_config.ciphers or "HIGH:!DSS:!aNULL@STRENGTH";
+ ciphers = user_ssl_config.ciphers or "HIGH+kEDH:HIGH+kEECDH:HIGH+kRSA:!DSS:!3DES:!aNULL";
 dhparam = user_ssl_config.dhparam;
 }; |
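Review bot: The new default lists `HIGH+kEDH` ahead of `HIGH+kEECDH`, so finite-field DHE is preferred over ECDHE, yet the only DH input visible in this hunk is `dhparam = user_ssl_config.dhparam`, which has no fallback. If no dhparam is configured the DHE group is probably unusable, and if a small one is supplied the most-preferred suites end up weaker than ECDHE on the `secp384r1` default two lines up; consider `"HIGH+kEECDH:HIGH+kEDH:HIGH+kRSA:!DSS:!3DES:!aNULL"`. The preference order also binds clients only if server cipher preference is enabled (LuaSec's `cipher_server_preference` option), and `default_options` is defined outside this hunk, so that should be confirmed. A short comment above the line explaining the group order and why `@STRENGTH` was dropped would help whoever edits the string next. create_context's body starts and ends outside the hunk.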