From 07a71ad6aaaa44203609b5a7d22bea3e5bb40a4f Mon Sep 17 00:00:00 2001
From: Matthew Wild <mwild1@gmail.com>
Date: Sun, 10 Nov 2013 18:46:48 +0000
Subject: certmanager: Update default cipher string to prefer forward-secrecy
 over cipher strength and to disable triple-DES (weaker and much slower than
 AES)

---
 core/certmanager.lua | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'core/certmanager.lua')

diff --git a/core/certmanager.lua b/core/certmanager.lua
index 0503f40e..1a8da6a6 100644
--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -70,7 +70,7 @@ function create_context(host, mode, user_ssl_config)
 		options = user_ssl_config.options or default_options;
 		depth = user_ssl_config.depth;
 		curve = user_ssl_config.curve or "secp384r1";
-		ciphers = user_ssl_config.ciphers or "HIGH:!DSS:!aNULL@STRENGTH";
+		ciphers = user_ssl_config.ciphers or "HIGH+kEDH:HIGH+kEECDH:HIGH+kRSA:!DSS:!3DES:!aNULL";
 		dhparam = user_ssl_config.dhparam;
 	};
 
-- 
cgit v1.2.3