# HG changeset patch
# User Matthew Wild <mwild1@gmail.com>
# Date 1384109208 0
# Node ID 9586979058b8a42d99eaa9595a57312a3d198f1f
# Parent  071a7e461ae70b934bf65bba962df8aea3538ea3
certmanager: Update default cipher string to prefer forward-secrecy over cipher strength and to disable triple-DES (weaker and much slower than AES)

diff -r 071a7e461ae7 -r 9586979058b8 core/certmanager.lua
--- a/core/certmanager.lua	Sun Nov 10 16:43:10 2013 +0000
+++ b/core/certmanager.lua	Sun Nov 10 18:46:48 2013 +0000
@@ -70,7 +70,7 @@
 		options = user_ssl_config.options or default_options;
 		depth = user_ssl_config.depth;
 		curve = user_ssl_config.curve or "secp384r1";
-		ciphers = user_ssl_config.ciphers or "HIGH:!DSS:!aNULL@STRENGTH";
+		ciphers = user_ssl_config.ciphers or "HIGH+kEDH:HIGH+kEECDH:HIGH+kRSA:!DSS:!3DES:!aNULL";
 		dhparam = user_ssl_config.dhparam;
 	};