From 2840e0726ad39ed0d191b15ed4aceb4eb3daa07a Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Sat, 13 Jul 2013 13:15:24 +0100 Subject: certmanager: Set our own default cipher string, which includes only ciphers regarded as 'HIGH' strength (by OpenSSL). In particular this disables RC4. --- core/certmanager.lua | 1 + 1 file changed, 1 insertion(+) diff --git a/core/certmanager.lua b/core/certmanager.lua index 4bcac40d..5dee5876 100644 --- a/core/certmanager.lua +++ b/core/certmanager.lua @@ -68,6 +68,7 @@ function create_context(host, mode, user_ssl_config) options = user_ssl_config.options or default_options; depth = user_ssl_config.depth; curve = user_ssl_config.curve or "secp384r1"; + ciphers = user_ssl_config.ciphers or "HIGH:!DSS:!aNULL@STRENGTH"; dhparam = user_ssl_config.dhparam; }; -- cgit v1.2.3