From cb1d7589706ba602b543321f5d37afdeecace678 Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Tue, 1 Sep 2015 15:48:34 +0200 Subject: ssl: change default cipher string to AES:RC4:ALL:\!aNULL:\!eNULL:\!LOW:\!EXPORT:\!SSLv2 --- ssl/ssl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/ssl.h b/ssl/ssl.h index 6fe1a24..b801b05 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -338,7 +338,7 @@ extern "C" { * The following cipher list is used by default. It also is substituted when * an application-defined cipher list string starts with 'DEFAULT'. */ -# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2" +# define SSL_DEFAULT_CIPHER_LIST "AES:RC4:ALL:!aNULL:!eNULL:!LOW:!EXPORT:!SSLv2" /* * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always * starts with a reasonable order, and all we have to do for DEFAULT is -- 1.7.12.1