IncludeOS
IncludeOS copied to clipboard
Use default ciphers in OpenSSL
.. so that it works in more (if not all) places. Still disable SSLv3.
https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ has the following list.
ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
I think we should make it configurable from the service but with a sane default