From 9609c710c6e3de5415e256737181a924e0ffa9e3 Mon Sep 17 00:00:00 2001
From: Matthew Wild <mwild1@gmail.com>
Date: Thu, 21 Nov 2013 02:11:09 +0000
Subject: certmanager: Further cipher string tweaking. Re-enable ciphers
 required for DSA and ECDH certs/keys.

---
 core/certmanager.lua | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'core/certmanager.lua')

diff --git a/core/certmanager.lua b/core/certmanager.lua
index 976b0a88..d6784a96 100644
--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -70,7 +70,7 @@ function create_context(host, mode, user_ssl_config)
 		options = user_ssl_config.options or default_options;
 		depth = user_ssl_config.depth;
 		curve = user_ssl_config.curve or "secp384r1";
-		ciphers = user_ssl_config.ciphers or "HIGH+kEDH:HIGH+kEECDH:HIGH+kRSA:!DSS:!3DES:!aNULL";
+		ciphers = user_ssl_config.ciphers or "HIGH+kEDH:HIGH+kEECDH:HIGH:!PSK:!SRP:!3DES:!aNULL";
 		dhparam = user_ssl_config.dhparam;
 	};
 
-- 
cgit v1.2.3