src: Use "Modern compatibility" ciphers by default

Tatsuhiro Tsujikawa 2017-03-11 23:58:52 +09:00
parent 3f13d33543
commit 51b933c5f0
1 changed files with 6 additions and 12 deletions


@ -45,8 +45,8 @@ public:
LibsslGlobalLock &operator=(const LibsslGlobalLock &) = delete; LibsslGlobalLock &operator=(const LibsslGlobalLock &) = delete;
}; };
// Recommended general purpose "Intermediate compatibility" cipher // Recommended general purpose "Modern compatibility" cipher suites by
// suites by mozilla. // mozilla.
// //
// https://wiki.mozilla.org/Security/Server_Side_TLS // https://wiki.mozilla.org/Security/Server_Side_TLS
// //
@ -68,16 +68,10 @@ constexpr char DEFAULT_CIPHER_LIST[] =
#ifdef TLS1_3_TXT_AES_128_CCM_8_SHA256 #ifdef TLS1_3_TXT_AES_128_CCM_8_SHA256
TLS1_3_TXT_AES_128_CCM_8_SHA256 ":" TLS1_3_TXT_AES_128_CCM_8_SHA256 ":"
#endif // TLS1_3_TXT_AES_128_CCM_8_SHA256 #endif // TLS1_3_TXT_AES_128_CCM_8_SHA256
"ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-" "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-"
"AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-" "CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-"
"SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-" "SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-"
"AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-" "AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256";
"ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-"
"AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-"
"SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-"
"ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-"
"SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-"
"SHA:DES-CBC3-SHA:!DSS";
constexpr auto NGHTTP2_TLS_MIN_VERSION = TLS1_VERSION; constexpr auto NGHTTP2_TLS_MIN_VERSION = TLS1_VERSION;
#ifdef TLS1_3_VERSION #ifdef TLS1_3_VERSION