Commit dfb5aa6d authored by Albert ten Napel's avatar Albert ten Napel Committed by Matt Holt

caddytls: Remove weak cipher suites from the defaults. (#2227)

parent f56696f4
...@@ -623,8 +623,6 @@ var defaultCiphers = []uint16{ ...@@ -623,8 +623,6 @@ var defaultCiphers = []uint16{
tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
tls.TLS_RSA_WITH_AES_256_CBC_SHA,
tls.TLS_RSA_WITH_AES_128_CBC_SHA,
} }
// List of ciphers we should prefer if native AESNI support is missing // List of ciphers we should prefer if native AESNI support is missing
...@@ -639,8 +637,6 @@ var defaultCiphersNonAESNI = []uint16{ ...@@ -639,8 +637,6 @@ var defaultCiphersNonAESNI = []uint16{
tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
tls.TLS_RSA_WITH_AES_256_CBC_SHA,
tls.TLS_RSA_WITH_AES_128_CBC_SHA,
} }
// getPreferredDefaultCiphers returns an appropriate cipher suite to use, depending on // getPreferredDefaultCiphers returns an appropriate cipher suite to use, depending on
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment