From 5d6068ca9d765122529fbca7cc8241742e259c78 Mon Sep 17 00:00:00 2001
From: onovy
Date: Sat, 2 Jan 2016 17:26:31 +0100
Subject: [PATCH] Default SSL ciphers updated to new Mozilla recommendation
---
 src/Socket.cpp | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/Socket.cpp b/src/Socket.cpp
index 8febe5bd..ab9ffe13 100644
--- a/src/Socket.cpp
+++ b/src/Socket.cpp
@@ -30,7 +30,7 @@
 #ifdef HAVE_LIBSSL
 // Copypasted from
 // https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29
-// at 22 Dec 2014
+// at 2016-01-02
 static CString ZNC_DefaultCipher() {
 return "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-"
 "RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-"
@@ -39,7 +39,8 @@ static CString ZNC_DefaultCipher() {
 "AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-"
 "RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-"
 "RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-"
- "AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:"
+ "AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-"
+ "DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:"
 "AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-"
 "CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-"
 "DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA";
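Review bot: The two entries added in the second hunk, `ECDHE-RSA-DES-CBC3-SHA` and `ECDHE-ECDSA-DES-CBC3-SHA`, put 3DES (a 64-bit-block cipher) into the default list, and nothing in the comment above the function says why they are accepted or when they can be dropped. The `!DES` term later in the string excludes single DES only, so it does not remove them; a line such as `// 3DES suites are kept only as a fallback for older clients (per the Mozilla intermediate profile); remove once those are unsupported` would make that explicit. The second added name is also split across two literals (`"...ECDHE-ECDSA-"` then `"DES-CBC3-SHA:..."`), so searching the source for the full suite name finds nothing; breaking the literals at `:` boundaries would keep every suite greppable during an audit. The opening lines and closing brace of ZNC_DefaultCipher are outside this hunk.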