[mod_openssl] fix default cipher string

9 years ago · 09002ad827
parent 5e30919291
commit 09002ad827
2 changed files with 2 additions and 2 deletions
--- a/doc/mod_openssl.xml
+++ b/doc/mod_openssl.xml
@ -16,7 +16,7 @@
 					<short>file containing the intermediate certificates</short>
 				</entry>
 				<entry name="ciphers">
-					<short>OpenSSL ciphers string</short>
+					<short>OpenSSL ciphers string (default: "aRSA+HIGH !3DES +kEDH +kRSA !kSRP !kPSK")</short>
 				</entry>
 				<entry name="dh-params">
 					<short>filename with generated dh-params (default: fixed 4096-bit parameters)</short>
--- a/src/modules/mod_openssl.c
+++ b/src/modules/mod_openssl.c
@ -493,7 +493,7 @@ static gboolean openssl_setup(liServer *srv, liPlugin* p, liValue *val, gpointer
 	STACK_OF(X509_NAME) *client_ca_list;

 	const char
-		*default_ciphers = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM",
+		*default_ciphers = "aRSA+HIGH !3DES +kEDH +kRSA !kSRP !kPSK",
 		*default_ecdh_curve = "prime256v1";

 	/* setup defaults */