mirror of https://github.com/getdnsapi/getdns.git
Adjust default cipher list so required authentication works with getdnsapi.
The previous default cipher string wouldn't connect with getdnsapi. Selection of cipher strings requires some deep study, I think. So, taking working with getdnsapi.net as our target, discover that we need SECURE128 as well as SECURE192. And rather than disable everything except TLS1.2, disable TLS1.0 and TLS1.1. This should mean it connects to TLS1.3.
This commit is contained in:
parent
2759d727e5
commit
e8f34d48fb
|
@ -48,7 +48,7 @@
|
||||||
* a known working priority string.
|
* a known working priority string.
|
||||||
*/
|
*/
|
||||||
char const * const _getdns_tls_context_default_cipher_list =
|
char const * const _getdns_tls_context_default_cipher_list =
|
||||||
"SECURE192:-VERS-ALL:+VERS-TLS1.2";
|
"SECURE128:SECURE192:-VERS-TLS1.0:-VERS-TLS1.1";
|
||||||
|
|
||||||
static char const * const _getdns_tls_connection_opportunistic_cipher_list =
|
static char const * const _getdns_tls_connection_opportunistic_cipher_list =
|
||||||
"NORMAL";
|
"NORMAL";
|
||||||
|
|
Loading…
Reference in New Issue