Adjust default cipher list so required authentication works with getdnsapi.

The previous default cipher string wouldn't connect with getdnsapi.
Selection of cipher strings requires some deep study, I think.

So, taking working with getdnsapi.net as our target, discover that we
need SECURE128 as well as SECURE192. And rather than disable everything
except TLS1.2, disable TLS1.0 and TLS1.1. This should mean it connects
to TLS1.3.
Jim Hague 2018-12-13 12:04:01 +00:00
parent 2759d727e5
commit e8f34d48fb
1 changed files with 1 additions and 1 deletions

@ -48,7 +48,7 @@
* a known working priority string. * a known working priority string.
*/ */
char const * const _getdns_tls_context_default_cipher_list = char const * const _getdns_tls_context_default_cipher_list =
"SECURE192:-VERS-ALL:+VERS-TLS1.2"; "SECURE128:SECURE192:-VERS-TLS1.0:-VERS-TLS1.1";
static char const * const _getdns_tls_connection_opportunistic_cipher_list = static char const * const _getdns_tls_connection_opportunistic_cipher_list =
"NORMAL"; "NORMAL";
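
Review bot: on the changed _getdns_tls_context_default_cipher_list line, the protocol restriction moves from an allowlist (-VERS-ALL:+VERS-TLS1.2) to a denylist (-VERS-TLS1.0:-VERS-TLS1.1). The versions this default permits now depend on what SECURE128 and SECURE192 enable in the GnuTLS build being linked, and any other version those keywords carry is no longer excluded by this string. If the intent is TLS1.2 and TLS1.3 only for required authentication, consider saying so explicitly by keeping -VERS-ALL and adding the wanted versions, provided the minimum supported GnuTLS accepts the TLS1.3 token. At minimum, extend the comment above the definition, which still only says "a known working priority string", to record that SECURE128 was added for interoperability with getdnsapi.net, that this lowers the cipher strength floor compared with SECURE192 alone, and that TLS1.0 and TLS1.1 are removed by name so that newer versions can negotiate.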