src: Use "Modern compatibility" ciphers by default

2017-03-11 23:58:52 +09:00 · 2017-03-11 23:58:52 +09:00 · 51b933c5f0
parent 3f13d33543
commit 51b933c5f0
1 changed files with 6 additions and 12 deletions
--- a/src/ssl.h
+++ b/src/ssl.h
@ -45,8 +45,8 @@ public:
  LibsslGlobalLock &operator=(const LibsslGlobalLock &) = delete;
 };
-// Recommended general purpose "Intermediate compatibility" cipher
+// Recommended general purpose "Modern compatibility" cipher suites by
-// suites by mozilla.
+// mozilla.
 //
 // https://wiki.mozilla.org/Security/Server_Side_TLS
 //
@ -68,16 +68,10 @@ constexpr char DEFAULT_CIPHER_LIST[] =
 #ifdef TLS1_3_TXT_AES_128_CCM_8_SHA256
    TLS1_3_TXT_AES_128_CCM_8_SHA256 ":"
 #endif // TLS1_3_TXT_AES_128_CCM_8_SHA256
-    "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-"
+    "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-"
-    "AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-"
+    "CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-"
-    "SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-"
+    "SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-"
-    "AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-"
+    "AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256";
    "ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-"
    "AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-"
    "SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-"
    "ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-"
    "SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-"
    "SHA:DES-CBC3-SHA:!DSS";
 constexpr auto NGHTTP2_TLS_MIN_VERSION = TLS1_VERSION;
 #ifdef TLS1_3_VERSION