From 2840e0726ad39ed0d191b15ed4aceb4eb3daa07a Mon Sep 17 00:00:00 2001
From: Matthew Wild <mwild1@gmail.com>
Date: Sat, 13 Jul 2013 13:15:24 +0100
Subject: certmanager: Set our own default cipher string, which includes only
 ciphers regarded as 'HIGH' strength (by OpenSSL). In particular this disables
 RC4.

---
 core/certmanager.lua | 1 +
 1 file changed, 1 insertion(+)

(limited to 'core')

diff --git a/core/certmanager.lua b/core/certmanager.lua
index 4bcac40d..5dee5876 100644
--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -68,6 +68,7 @@ function create_context(host, mode, user_ssl_config)
 		options = user_ssl_config.options or default_options;
 		depth = user_ssl_config.depth;
 		curve = user_ssl_config.curve or "secp384r1";
+		ciphers = user_ssl_config.ciphers or "HIGH:!DSS:!aNULL@STRENGTH";
 		dhparam = user_ssl_config.dhparam;
 	};
 
-- 
cgit v1.2.3