From d3b762824a7a1039998c94cc6e9f3ffc67b9d7ec Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Thu, 21 Nov 2013 02:11:09 +0000 Subject: certmanager: Further cipher string tweaking. Re-enable ciphers required for DSA and ECDH certs/keys. --- core/certmanager.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/certmanager.lua b/core/certmanager.lua index 976b0a88..d6784a96 100644 --- a/core/certmanager.lua +++ b/core/certmanager.lua @@ -70,7 +70,7 @@ function create_context(host, mode, user_ssl_config) options = user_ssl_config.options or default_options; depth = user_ssl_config.depth; curve = user_ssl_config.curve or "secp384r1"; - ciphers = user_ssl_config.ciphers or "HIGH+kEDH:HIGH+kEECDH:HIGH+kRSA:!DSS:!3DES:!aNULL"; + ciphers = user_ssl_config.ciphers or "HIGH+kEDH:HIGH+kEECDH:HIGH:!PSK:!SRP:!3DES:!aNULL"; dhparam = user_ssl_config.dhparam; }; -- cgit v1.2.3