From 0d1060f21efe81454f59f75d12f2798ba0566130 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 12 Mar 2015 23:16:28 +0100
Subject: openssl: sort the ciphers on strength

This makes curl pick better (stronger) ciphers by default. The strongest
available ciphers are fine according to the HTTP/2 spec so an OpenSSL
built curl is no longer rejected by string HTTP/2 servers.

Bug: http://curl.haxx.se/bug/view.cgi?id=1487
---
 lib/vtls/openssl.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'lib/vtls/openssl.h')

diff --git a/lib/vtls/openssl.h b/lib/vtls/openssl.h
index 03c473863..4ba34b0eb 100644
--- a/lib/vtls/openssl.h
+++ b/lib/vtls/openssl.h
@@ -106,7 +106,8 @@ bool Curl_ossl_cert_status_request(void);
 #define curlssl_md5sum(a,b,c,d) Curl_ossl_md5sum(a,b,c,d)
 #define curlssl_cert_status_request() Curl_ossl_cert_status_request()
 
-#define DEFAULT_CIPHER_SELECTION "ALL!EXPORT!EXPORT40!EXPORT56!aNULL!LOW!RC4"
+#define DEFAULT_CIPHER_SELECTION \
+  "ALL!EXPORT!EXPORT40!EXPORT56!aNULL!LOW!RC4@STRENGTH"
 
 #endif /* USE_OPENSSL */
 #endif /* HEADER_CURL_SSLUSE_H */
-- 
cgit v1.2.3