From 05a9e03d5392103e2e17b0d3da58532ef5b3f671 Mon Sep 17 00:00:00 2001
From: Mathieu Pasquet <mathieui@mathieui.net>
Date: Wed, 15 Jan 2014 18:28:23 +0100
Subject: Add a configurable way of setting cipher suites

And put reasonable defaults
---
 src/connection.py | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'src/connection.py')

diff --git a/src/connection.py b/src/connection.py
index b60f3b71..fed43d88 100644
--- a/src/connection.py
+++ b/src/connection.py
@@ -61,6 +61,9 @@ class Connection(sleekxmpp.ClientXMPP):
         self.auto_reconnect = True if config.get('auto_reconnect', 'false').lower() in ('true', '1') else False
         self.reconnect_max_attempts = 0
         self.auto_authorize = None
+        # prosody defaults, lowest is AES128-SHA, it should be a minimum
+        # for anything that came out after 2002
+        self.ciphers = config.get('ciphers', 'HIGH+kEDH:HIGH+kEECDH:HIGH:!PSK:!SRP:!3DES:!aNULL')
         self.ca_certs = config.get('ca_cert_path', '') or None
         interval = config.get('whitespace_interval', '300')
         if interval.isdecimal() and int(interval) > 0:
-- 
cgit v1.2.3