diff options
author | Daniel Stenberg <daniel@haxx.se> | 2015-03-12 23:16:28 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2015-03-12 23:16:28 +0100 |
commit | 0d1060f21efe81454f59f75d12f2798ba0566130 (patch) | |
tree | f88ddbd9d9aaf98d24b74d66e6e715e5cfab5353 | |
parent | 6d3260af64f45196681ad5a1778e7fba9cf48d1e (diff) |
openssl: sort the ciphers on strength
This makes curl pick better (stronger) ciphers by default. The strongest
available ciphers are fine according to the HTTP/2 spec so an OpenSSL
built curl is no longer rejected by string HTTP/2 servers.
Bug: http://curl.haxx.se/bug/view.cgi?id=1487
-rw-r--r-- | lib/vtls/openssl.h | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/vtls/openssl.h b/lib/vtls/openssl.h index 03c473863..4ba34b0eb 100644 --- a/lib/vtls/openssl.h +++ b/lib/vtls/openssl.h @@ -106,7 +106,8 @@ bool Curl_ossl_cert_status_request(void); #define curlssl_md5sum(a,b,c,d) Curl_ossl_md5sum(a,b,c,d) #define curlssl_cert_status_request() Curl_ossl_cert_status_request() -#define DEFAULT_CIPHER_SELECTION "ALL!EXPORT!EXPORT40!EXPORT56!aNULL!LOW!RC4" +#define DEFAULT_CIPHER_SELECTION \ + "ALL!EXPORT!EXPORT40!EXPORT56!aNULL!LOW!RC4@STRENGTH" #endif /* USE_OPENSSL */ #endif /* HEADER_CURL_SSLUSE_H */ |