# HG changeset patch
# User Matthew Wild <mwild1@gmail.com>
# Date 1373717724 -3600
# Node ID a1b0cfebeeba921a148308176760a52e0e8026dc
# Parent  72a1f769c36fbd4796ecae1ef101a7a48e2e408c
certmanager: Set our own default cipher string, which includes only ciphers regarded as 'HIGH' strength (by OpenSSL). In particular this disables RC4.

diff -r 72a1f769c36f -r a1b0cfebeeba core/certmanager.lua
--- a/core/certmanager.lua	Thu Jul 11 15:08:47 2013 +0100
+++ b/core/certmanager.lua	Sat Jul 13 13:15:24 2013 +0100
@@ -68,6 +68,7 @@
 		options = user_ssl_config.options or default_options;
 		depth = user_ssl_config.depth;
 		curve = user_ssl_config.curve or "secp384r1";
+		ciphers = user_ssl_config.ciphers or "HIGH:!DSS:!aNULL@STRENGTH";
 		dhparam = user_ssl_config.dhparam;
 	};