From 05a9e03d5392103e2e17b0d3da58532ef5b3f671 Mon Sep 17 00:00:00 2001
From: Mathieu Pasquet <mathieui@mathieui.net>
Date: Wed, 15 Jan 2014 18:28:23 +0100
Subject: Add a configurable way of setting cipher suites

And put reasonable defaults
---
 data/default_config.cfg | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

(limited to 'data')

diff --git a/data/default_config.cfg b/data/default_config.cfg
index ace8907a..17d74745 100644
--- a/data/default_config.cfg
+++ b/data/default_config.cfg
@@ -41,11 +41,17 @@ resource =
 # Make sure the server you're using accepts anonymous authentication
 server = anon.jeproteste.info
 
-# SSL Certificate fingerprint
+# TLS Certificate fingerprint
 # Do not touch this if you don’t know what you are doing
 certificate =
 
-# Skip the SSL certificate fingerprint verification
+# List of ciphers allowed when connecting to the server,
+# this list prioritizes forward secrecy and forbids anything
+# weaker than 128 bits.
+# You should probably leave it as it is
+ciphers = HIGH+kEDH:HIGH+kEECDH:HIGH:!PSK:!SRP:!3DES:!aNULL
+
+# Skip the TLS certificate fingerprint verification
 # Should be false in most cases, as you want to check that the server keeps
 # the same certificate.
 ignore_certificate = false
-- 
cgit v1.2.3