[mod_openssl] allow all authentication methods in default cipher string

The details depend on the server key anyway; with the new default string ecdsa keys work out of the box. Change-Id: I7229f899ffd8dca5740767f9832980198b4f7bee
9 years ago · f144349c72
parent fc02dcf9e2
commit f144349c72
2 changed files with 2 additions and 2 deletions
--- a/doc/mod_openssl.xml
+++ b/doc/mod_openssl.xml
@ -16,7 +16,7 @@
 					<short>file containing the intermediate certificates</short>
 				</entry>
 				<entry name="ciphers">
-					<short>OpenSSL ciphers string (default: "aRSA+HIGH !3DES +kEDH +kRSA !kSRP !kPSK")</short>
+					<short>OpenSSL ciphers string (default: "HIGH !aNULL !3DES +kEDH +kRSA !kSRP !kPSK")</short>
 				</entry>
 				<entry name="dh-params">
 					<short>filename with generated dh-params (default: fixed 4096-bit parameters)</short>
--- a/src/modules/mod_openssl.c
+++ b/src/modules/mod_openssl.c
@ -493,7 +493,7 @@ static gboolean openssl_setup(liServer *srv, liPlugin* p, liValue *val, gpointer
 	STACK_OF(X509_NAME) *client_ca_list;

 	const char
-		*default_ciphers = "aRSA+HIGH !3DES +kEDH +kRSA !kSRP !kPSK",
+		*default_ciphers = "HIGH !aNULL !3DES +kEDH +kRSA !kSRP !kPSK",
 		*default_ecdh_curve = "prime256v1";

 	/* setup defaults */