conf-ciphers


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16

# This is the list of ciphers to use. Sample for TLS < 1.3:

ALL:!EXP:!MD5:!RC4:!ADH:!DES:!3DES:!PSK:!aNULL

# This is the list of ciphers to use. Sample for TLS 1.3:

TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384

Comment:

a) CHACHA20_POLY1305 has preference (hardest to break)
b) AES_128_GCM comes next (-> GCM is 128 bit only!)
c) AES_256_GCM is last (AES is mostly HW accelerated)

# An empty name means use the ciphers compiled into openssl.