[glib-networking: 51/129] Add a more secure cypher list



commit 8d0ab8c39f5f8f279c185f3f9f7694020819cc3d
Author: Ignacio Casal Quinteiro <qignacio amazon com>
Date:   Wed Sep 27 16:07:02 2017 +0200

    Add a more secure cypher list

 tls/openssl/gtlsserverconnection-openssl.c | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)
---
diff --git a/tls/openssl/gtlsserverconnection-openssl.c b/tls/openssl/gtlsserverconnection-openssl.c
index ee5e8db..cd98128 100644
--- a/tls/openssl/gtlsserverconnection-openssl.c
+++ b/tls/openssl/gtlsserverconnection-openssl.c
@@ -45,6 +45,27 @@ enum
   PROP_AUTHENTICATION_MODE
 };
 
+static const gchar DEFAULT_CIPHER_LIST[] =
+  "ECDHE-RSA-AES128-SHA:"
+  "ECDHE-RSA-AES128-GCM-SHA256:"
+  "ECDHE-RSA-AES256-GCM-SHA384:"
+  "ECDHE-RSA-AES128-SHA256:"
+  "ECDHE-RSA-AES256-SHA:"
+  "ECDHE-RSA-AES256-SHA384:"
+  "AES128-SHA:"
+  "AES128-GCM-SHA256:"
+  "AES256-GCM-SHA384:"
+  "AES128-SHA256:"
+  "AES256-SHA:"
+  "AES256-SHA256:"
+  "DHE-RSA-AES128-SHA:"
+  "DHE-RSA-AES128-GCM-SHA256:"
+  "DHE-RSA-AES256-GCM-SHA384:"
+  "DHE-RSA-AES128-SHA256:"
+  "DHE-RSA-AES256-SHA:"
+  "DHE-RSA-AES256-SHA256:"
+  "DES-CBC3-SHA";
+
 static void g_tls_server_connection_openssl_initable_interface_init (GInitableIface  *iface);
 
 static void g_tls_server_connection_openssl_server_connection_interface_init (GTlsServerConnectionInterface 
*iface);
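Review bot: `DEFAULT_CIPHER_LIST` ends with `"DES-CBC3-SHA"`, a 3DES suite with a 64-bit block size that is exposed to birthday-bound (Sweet32-style) attacks on long-lived connections. Unless a known legacy client needs it, end the list at `"DHE-RSA-AES256-SHA256";`. Every entry also uses RSA authentication, so a server configured with an ECDSA certificate would have no suite left to negotiate, whereas the old `HIGH:!DSS:!aNULL` string admitted ECDSA suites; consider adding the `ECDHE-ECDSA-*` counterparts. The order puts CBC/SHA-1 suites ahead of GCM and static-RSA key exchange (no forward secrecy) ahead of DHE, which matters only if server cipher preference is enabled, and that is not visible in this diff. A short comment above the array, such as `/* Explicit allow-list; order = server preference. Source: <policy/reference> */`, would record where the list came from and make later audits easier.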
@@ -289,7 +310,7 @@ g_tls_server_connection_openssl_initable_init (GInitable       *initable,
 
   SSL_CTX_add_session (priv->ssl_ctx, priv->session);
 
-  SSL_CTX_set_cipher_list (priv->ssl_ctx, "HIGH:!DSS:!aNULL@STRENGTH");
+  SSL_CTX_set_cipher_list (priv->ssl_ctx, DEFAULT_CIPHER_LIST);
 
   priv->ssl = SSL_new (priv->ssl_ctx);
   if (priv->ssl == NULL)
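Review bot: The return value of `SSL_CTX_set_cipher_list` is ignored on the changed line; it returns 0 when none of the named suites can be selected. With a fixed explicit list that can happen on an OpenSSL build or policy configuration that disables these suites, and the context would then carry no usable ciphers until a handshake fails. Check it with `if (!SSL_CTX_set_cipher_list (priv->ssl_ctx, DEFAULT_CIPHER_LIST))` and fail initialization there, presumably through the same error path as the `SSL_new` failure just below. The enclosing function starts and ends outside the hunk, so that error-reporting convention is inferred rather than visible.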

