authorSteven Fackler <[email protected]>2016-10-30 16:29:33 -0700
committerSteven Fackler <[email protected]>2016-10-30 16:29:33 -0700
commit9abbf6f80e98bbefea60d2410c69a08265cd3808 (patch)
tree783a2a5cf9b22c885abd03db3fc056432cbff4aa /openssl/src/ssl
parentMerge pull request #504 from sfackler/connector-tweaks (diff)
Use Python's cipher list on the client side.
Diffstat (limited to 'openssl/src/ssl')
-rw-r--r--openssl/src/ssl/connector.rs7
1 files changed, 5 insertions, 2 deletions
diff --git a/openssl/src/ssl/connector.rs b/openssl/src/ssl/connector.rs
index c283145e..44e3488c 100644
--- a/openssl/src/ssl/connector.rs
+++ b/openssl/src/ssl/connector.rs
@@ -46,11 +46,14 @@ pub struct ClientConnectorBuilder(SslContextBuilder);
impl ClientConnectorBuilder {
/// Creates a new builder for TLS connections.
///
- /// The default configuration is based off of libcurl's and is subject to change.
+ /// The default configuration is subject to change, and is currently derived from Python.
pub fn new(method: SslMethod) -> Result<ClientConnectorBuilder, ErrorStack> {
let mut ctx = try!(ctx(method));
try!(ctx.set_default_verify_paths());
- try!(ctx.set_cipher_list("ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH"));
+ // From https://github.com/python/cpython/blob/c30098c8c6014f3340a369a31df9c74bdbacc269/Lib/ssl.py#L191
+ try!(ctx.set_cipher_list(
+ "ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:DH+CHACHA20:ECDH+AES256:DH+AES256:ECDH+AES128:\
+ DH+AES:ECDH+HIGH:DH+HIGH:RSA+AESGCM:RSA+AES:RSA+HIGH:!aNULL:!eNULL:!MD5:!3DES"));
Ok(ClientConnectorBuilder(ctx))
}
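Review bot: The new default list in `new` still ends with `RSA+AESGCM:RSA+AES:RSA+HIGH`, so a server that offers only static-RSA key exchange is accepted without forward secrecy, and the doc comment gives callers no hint of that. The old string's explicit `!EXPORT`, `!LOW` and `!RC4` exclusions are also gone; none of the positive selectors should match those suites, but that is now implicit rather than stated. I would extend the doc comment with something like `/// Prefers ECDHE/DHE key exchange with AEAD ciphers; static-RSA suites remain as a fallback, and anonymous, NULL, MD5 and 3DES suites are excluded.` and keep the pinned CPython link as it is. The `impl` block continues outside the hunk.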