diff options
| author | April King <april@mozilla.com> | 2019-06-27 23:24:18 +0300 |
|---|---|---|
| committer | April King <april@mozilla.com> | 2019-06-27 23:24:18 +0300 |
| commit | d138d9ef22f2443bb74f9495ab2c28d9b24d2c87 (patch) | |
| tree | acbb1ba7657010e1a8e04ebc7593aed052748091 /config | |
| parent | f701c189ffae7c0317ff13811db1b2d4c22ab8c1 (diff) | |
Tentatively reordering some ciphers
Diffstat (limited to 'config')
| -rw-r--r-- | config/server-side-tls-conf-5.0.json | 24 |
1 files changed, 12 insertions, 12 deletions
diff --git a/config/server-side-tls-conf-5.0.json b/config/server-side-tls-conf-5.0.json index d8e4062..020c90b 100644 --- a/config/server-side-tls-conf-5.0.json +++ b/config/server-side-tls-conf-5.0.json @@ -4,8 +4,8 @@ "modern": { "openssl_ciphers": [], "openssl_ciphersuites": [ - "TLS_AES_256_GCM_SHA384", "TLS_AES_128_GCM_SHA256", + "TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256" ], "tls_versions": ["TLSv1.3"], @@ -24,18 +24,18 @@ }, "intermediate": { "openssl_ciphers": [ - "ECDHE-ECDSA-AES256-GCM-SHA384", - "ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-GCM-SHA256", + "ECDHE-ECDSA-AES256-GCM-SHA384", + "ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-ECDSA-CHACHA20-POLY1305", "ECDHE-RSA-CHACHA20-POLY1305", - "DHE-RSA-AES256-GCM-SHA384", - "DHE-RSA-AES128-GCM-SHA256" + "DHE-RSA-AES128-GCM-SHA256", + "DHE-RSA-AES256-GCM-SHA384" ], "openssl_ciphersuites": [ - "TLS_AES_256_GCM_SHA384", "TLS_AES_128_GCM_SHA256", + "TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256" ], "tls_versions": ["TLSv1.2", "TLSv1.3"], @@ -49,22 +49,22 @@ "hsts_min_age": 63072000, "oldest_clients": ["Firefox 27", "Android 4.4.2", "Chrome 31", "Edge", "IE 11 on Windows 7", "Java 8u31", "OpenSSL 1.0.1", "Opera 20", "Safari 9"], "ocsp_staple": true, - "server_preferred_order": true, + "server_preferred_order": false, "maximum_certificate_lifespan": 730 }, "old": { "openssl_ciphers": [ - "ECDHE-ECDSA-AES256-GCM-SHA384", - "ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-GCM-SHA256", + "ECDHE-ECDSA-AES256-GCM-SHA384", + "ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-ECDSA-CHACHA20-POLY1305", "ECDHE-RSA-CHACHA20-POLY1305", - "DHE-RSA-AES256-GCM-SHA384", "DHE-RSA-AES128-GCM-SHA256", + "DHE-RSA-AES256-GCM-SHA384", "DHE-RSA-CHACHA20-POLY1305", - "DHE-DSS-AES256-GCM-SHA384", "DHE-DSS-AES128-GCM-SHA256", + "DHE-DSS-AES256-GCM-SHA384", "ECDHE-ECDSA-AES128-SHA256", "ECDHE-RSA-AES128-SHA256", "ECDHE-ECDSA-AES128-SHA", @@ -120,8 +120,8 @@ "SEED-SHA" ], "openssl_ciphersuites": [ - "TLS_AES_256_GCM_SHA384", "TLS_AES_128_GCM_SHA256", + "TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256" ], "tls_versions": ["TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"], |