From 3a3739e90a2a9c3665ab5be2fd29da08e2c39e80 Mon Sep 17 00:00:00 2001 From: Philipp Schafft Date: Sun, 25 Nov 2018 18:50:33 +0000 Subject: [PATCH] Update: Updated default list of OpenSSL ciphers. This updates to the Mozilla Foundation's "Intermediate" list as of the time of this commit. The list is appended with several negative rules that we included before. --- src/cfgfile.c | 64 ++++++++++++++++++++++++++++----------------------- 1 file changed, 35 insertions(+), 29 deletions(-) diff --git a/src/cfgfile.c b/src/cfgfile.c index 0790d3e0..f2184b13 100644 --- a/src/cfgfile.c +++ b/src/cfgfile.c @@ -78,35 +78,41 @@ #define CONFIG_DEFAULT_RELAY_SERVER "127.0.0.1" #define CONFIG_DEFAULT_RELAY_PORT 80 #define CONFIG_DEFAULT_RELAY_MOUNT "/" -#define CONFIG_DEFAULT_CIPHER_LIST "ECDHE-RSA-AES128-GCM-SHA256:"\ - "ECDHE-ECDSA-AES128-GCM-SHA256:"\ - "ECDHE-RSA-AES256-GCM-SHA384:"\ - "ECDHE-ECDSA-AES256-GCM-SHA384:"\ - "DHE-RSA-AES128-GCM-SHA256:"\ - "DHE-DSS-AES128-GCM-SHA256:"\ - "kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:"\ - "ECDHE-ECDSA-AES128-SHA256:"\ - "ECDHE-RSA-AES128-SHA:"\ - "ECDHE-ECDSA-AES128-SHA:"\ - "ECDHE-RSA-AES256-SHA384:"\ - "ECDHE-ECDSA-AES256-SHA384:"\ - "ECDHE-RSA-AES256-SHA:"\ - "ECDHE-ECDSA-AES256-SHA:"\ - "DHE-RSA-AES128-SHA256:"\ - "DHE-RSA-AES128-SHA:"\ - "DHE-DSS-AES128-SHA256:"\ - "DHE-RSA-AES256-SHA256:"\ - "DHE-DSS-AES256-SHA:"\ - "DHE-RSA-AES256-SHA:"\ - "ECDHE-RSA-DES-CBC3-SHA:"\ - "ECDHE-ECDSA-DES-CBC3-SHA:"\ - "AES128-GCM-SHA256:AES256-GCM-SHA384:"\ - "AES128-SHA256:AES256-SHA256:"\ - "AES128-SHA:AES256-SHA:AES:"\ - "DES-CBC3-SHA:HIGH:!aNULL:!eNULL:"\ - "!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:"\ - "!EDH-DSS-DES-CBC3-SHA:"\ - "!EDH-RSA-DES-CBC3-SHA:"\ +#define CONFIG_DEFAULT_CIPHER_LIST "ECDHE-ECDSA-CHACHA20-POLY1305:" \ + "ECDHE-RSA-CHACHA20-POLY1305:" \ + "ECDHE-ECDSA-AES128-GCM-SHA256:" \ + "ECDHE-RSA-AES128-GCM-SHA256:" \ + "ECDHE-ECDSA-AES256-GCM-SHA384:" \ + "ECDHE-RSA-AES256-GCM-SHA384:" \ + "DHE-RSA-AES128-GCM-SHA256:" \ + "DHE-RSA-AES256-GCM-SHA384:" \ + "ECDHE-ECDSA-AES128-SHA256:" \ + "ECDHE-RSA-AES128-SHA256:" \ + "ECDHE-ECDSA-AES128-SHA:" \ + "ECDHE-RSA-AES256-SHA384:" \ + "ECDHE-RSA-AES128-SHA:" \ + "ECDHE-ECDSA-AES256-SHA384:" \ + "ECDHE-ECDSA-AES256-SHA:" \ + "ECDHE-RSA-AES256-SHA:" \ + "DHE-RSA-AES128-SHA256:" \ + "DHE-RSA-AES128-SHA:" \ + "DHE-RSA-AES256-SHA256:" \ + "DHE-RSA-AES256-SHA:" \ + "ECDHE-ECDSA-DES-CBC3-SHA:" \ + "ECDHE-RSA-DES-CBC3-SHA:" \ + "EDH-RSA-DES-CBC3-SHA:" \ + "AES128-GCM-SHA256:" \ + "AES256-GCM-SHA384:" \ + "AES128-SHA256:" \ + "AES256-SHA256:" \ + "AES128-SHA:" \ + "AES256-SHA:" \ + "DES-CBC3-SHA:" \ + "!DSS:" \ + "!aNULL:!eNULL:" \ + "!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:" \ + "!EDH-DSS-DES-CBC3-SHA:" \ + "!EDH-RSA-DES-CBC3-SHA:" \ "!KRB5-DES-CBC3-SHA" #ifndef _WIN32