]> code.citadel.org Git - citadel.git/blobdiff - citadel/modules/crypto/serv_crypto.h
projects / citadel.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
I got a little too eager in removing old cruft from the TLS code. Not setting the...
[citadel.git] / citadel / modules / crypto / serv_crypto.h
diff --git a/citadel/modules/crypto/serv_crypto.h b/citadel/modules/crypto/serv_crypto.h
index 90c8d2604132a265d87ab566711040bec4c5dc05..4cef7e43b4b1a55bffcf60ccccf47fe3bd5cc053 100644 (file)
--- a/citadel/modules/crypto/serv_crypto.h
+++ b/citadel/modules/crypto/serv_crypto.h
@@ -2,13 +2,11 @@
 /*
  * Number of days for which self-signed certs are valid.
  */
-#define SIGN_DAYS      3650    /* Ten years */
+#define SIGN_DAYS      1100    // Just over three years
 
-/* Shared Diffie-Hellman parameters */
-#define DH_P           "1A74527AEE4EE2568E85D4FB2E65E18C9394B9C80C42507D7A6A0DBE9A9A54B05A9A96800C34C7AA5297095B69C88901EEFD127F969DCA26A54C0E0B5C5473EBAEB00957D2633ECAE3835775425DE66C0DE6D024DBB17445E06E6B0C78415E589B8814F08531D02FD43778451E7685541079CFFB79EF0D26EFEEBBB69D1E80383"
-#define DH_G           "2"
-#define DH_L           1024
-#define CIT_CIPHERS    "ALL:RC4+RSA:+SSLv2:+TLSv1:!MD5:@STRENGTH"      /* see ciphers(1) */
+// Which ciphers will be offered; see https://www.openssl.org/docs/manmaster/man1/ciphers.html
+//#define CIT_CIPHERS  "ALL:RC4+RSA:+SSLv2:+TLSv1:!MD5:@STRENGTH"
+#define CIT_CIPHERS    "DEFAULT"
 
 #ifdef HAVE_OPENSSL
 #define OPENSSL_NO_KRB5                /* work around redhat b0rken ssl headers */
Citadel server, clients, utilities