OpenSSL: Adjust ciphersuite order and update documentation
authorAaron Jones <redacted>
Tue, 18 Oct 2016 11:17:41 +0000 (11:17 +0000)
committerAaron Jones <redacted>
Tue, 18 Oct 2016 11:17:41 +0000 (11:17 +0000)
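index b2d033c982259fdfd52b6a2599820a81bc04b5cf..bbb5cf6a61a453372ebc33c2aa1e5ad036e3f231 100644
--- a/librb/src/openssl_ratbox.h
+++ b/librb/src/openssl_ratbox.h
 
 
 /*
- * Default supported ciphersuites (if the user does not provide any) and curves (OpenSSL 1.0.2+)
- * Hardcoded secp384r1 (P-384) is used on OpenSSL 1.0.0 and 1.0.1 (if available).
+ * Default supported ciphersuites (if the user does not provide any) and
+ * curves (OpenSSL 1.0.2+). Hardcoded secp384r1 (NIST P-384) is used on
+ * OpenSSL 1.0.0 and 1.0.1 (if available).
+ *
+ * We prefer AEAD ciphersuites first in order of strength, then SHA2
+ * ciphersuites, then remaining suites.
  */
 
-static const char rb_default_ciphers[] = "kEECDH+HIGH:kEDH+HIGH:HIGH:!aNULL";
+static const char rb_default_ciphers[] = ""
+       "aECDSA+kEECDH+CHACHA20:"
+       "aRSA+kEECDH+CHACHA20:"
+       "aRSA+kEDH+CHACHA20:"
+       "aECDSA+kEECDH+AESGCM:"
+       "aRSA+kEECDH+AESGCM:"
+       "aRSA+kEDH+AESGCM:"
+       "aECDSA+kEECDH+AESCCM:"
+       "aRSA+kEECDH+AESCCM:"
+       "aRSA+kEDH+AESCCM:"
+       "@STRENGTH:"
+       "aECDSA+kEECDH+HIGH+SHA384:"
+       "aRSA+kEECDH+HIGH+SHA384:"
+       "aRSA+kEDH+HIGH+SHA384:"
+       "aECDSA+kEECDH+HIGH+SHA256:"
+       "aRSA+kEECDH+HIGH+SHA256:"
+       "aRSA+kEDH+HIGH+SHA256:"
+       "aECDSA+kEECDH+HIGH:"
+       "aRSA+kEECDH+HIGH:"
+       "aRSA+kEDH+HIGH:"
+       "HIGH:"
+       "!3DES:"
+       "!aNULL";
+
 #ifdef LRB_HAVE_TLS_SET_CURVES
 static const char rb_default_curves[] = "P-521:P-384:P-256";
 #endif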
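Review bot: The new `rb_default_ciphers` string leans on the `CHACHA20` and `AESCCM` aliases, which as far as I can tell exist only in OpenSSL 1.1.0+ and LibreSSL, while the header comment directly above still promises support for OpenSSL 1.0.0 through 1.0.2; on those versions the cipher-string parser drops any rule containing an unknown alias rather than failing, so the list silently degrades to the `AESGCM`, SHA2 and `HIGH` entries. That degradation is acceptable, but it should be written down so nobody later mistakes it for a bug or "fixes" it by removing the aliases, e.g. add to the header comment: `CHACHA20 and AESCCM are unknown to OpenSSL 1.0.x; rules naming them are ignored there, so those builds fall through to the AESGCM and SHA2 entries.` The position of `@STRENGTH` also deserves a line, since it re-sorts only the AEAD rules listed before it by key size (moving the 128-bit GCM/CCM suites below the 256-bit ones) and leaves the SHA2 and `HIGH` fallbacks in their listed order: `/* @STRENGTH re-sorts only the AEAD suites above it by key size */`. Both the comment block and the definition are entirely within the hunk.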