]>
Commit | Line | Data |
---|---|---|
32ba4314 EK |
1 | --- openssl-1.1.1.orig/include/openssl/ssl.h 2018-09-11 14:48:23.000000000 +0200 |
2 | +++ openssl-1.1.1/include/openssl/ssl.h 2018-11-05 16:55:03.935513159 +0100 | |
3 | @@ -170,11 +170,11 @@ | |
4 | * an application-defined cipher list string starts with 'DEFAULT'. | |
5 | * This applies to ciphersuites for TLSv1.2 and below. | |
6 | */ | |
7 | -# define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL" | |
8 | +# define SSL_DEFAULT_CIPHER_LIST "TLSv1.3:CHACHA20:HIGH:+DH:+aRSA:+SHA:+kRSA:!aNULL:!eNULL:!SRP:!PSK:!DSS:!AESCCM" | |
9 | /* This is the default set of TLSv1.3 ciphersuites */ | |
10 | # if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) | |
11 | -# define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \ | |
12 | - "TLS_CHACHA20_POLY1305_SHA256:" \ | |
13 | +# define TLS_DEFAULT_CIPHERSUITES "TLS_CHACHA20_POLY1305_SHA256:" \ | |
14 | + "TLS_AES_256_GCM_SHA384:" \ | |
15 | "TLS_AES_128_GCM_SHA256" | |
16 | # else | |
17 | # define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \ | |
18 |