From 67a543adb0bd2ee6ba791ea3329bc6e1d68b6acc Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Sun, 10 Nov 2013 18:46:48 +0000 Subject: certmanager: Update default cipher string to prefer forward-secrecy over cipher strength and to disable triple-DES (weaker and much slower than AES) --- core/certmanager.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'core') diff --git a/core/certmanager.lua b/core/certmanager.lua index 0503f40e..1a8da6a6 100644 --- a/core/certmanager.lua +++ b/core/certmanager.lua @@ -70,7 +70,7 @@ function create_context(host, mode, user_ssl_config) options = user_ssl_config.options or default_options; depth = user_ssl_config.depth; curve = user_ssl_config.curve or "secp384r1"; - ciphers = user_ssl_config.ciphers or "HIGH:!DSS:!aNULL@STRENGTH"; + ciphers = user_ssl_config.ciphers or "HIGH+kEDH:HIGH+kEECDH:HIGH+kRSA:!DSS:!3DES:!aNULL"; dhparam = user_ssl_config.dhparam; }; -- cgit v1.2.3