Never use crappy cipher suites (fixes #945)

2014-11-12 10:47:34 +01:00 · 2014-11-12 10:47:34 +01:00 · 1795e0a290
parent c959f59581
commit 1795e0a290
1 changed files with 8 additions and 0 deletions
--- a/cmd/syncthing/main.go
+++ b/cmd/syncthing/main.go
@ -441,6 +441,14 @@ func syncthingMain() {
 		SessionTicketsDisabled: true,
 		InsecureSkipVerify:     true,
 		MinVersion:             tls.VersionTLS12,
+		CipherSuites: []uint16{
+			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+			tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+			tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+			tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+			tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+		},
 	}

 	// If the read or write rate should be limited, set up a rate limiter for it.