tls: update default cipher list

Update the default cipher list from RC4-SHA:AES128-SHA:AES256-SHA to ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH in order to mitigate BEAST attacks. The documentation suggested AES256-SHA but unfortunately that's a CBC cipher and therefore susceptible to attacks. Fixes #3900.
author: Ben Noordhuis <info@bnoordhuis.nl> 2012-08-22 00:27:13 +0400
committer: Ben Noordhuis <info@bnoordhuis.nl> 2012-08-22 00:27:13 +0400
commit: badbd1af27f5f3fd07862b8ee7d0810e7ae9ef56 (patch)
tree: 75d58772b7db876a79d2bb2599607cc18c6474f3 /lib
parent: 7c75ca7182872c95c798e192ed28c1c610b1024b (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/tls.js b/lib/tls.js
index 71a2724e149..aaafd526d35 100644
--- a/lib/tls.js
+++ b/lib/tls.js
@@ -29,6 +29,9 @@ var END_OF_FILE = 42;
 var assert = require('assert').ok;
 var constants = require('constants');
 
+var DEFAULT_CIPHERS = 'ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:' + // TLS 1.2
+                      'RC4:HIGH:!MD5:!aNULL:!EDH'                    // TLS 1.0
+
 // Allow {CLIENT_RENEG_LIMIT} client-initiated session renegotiations
 // every {CLIENT_RENEG_WINDOW} seconds. An error event is emitted if more
 // renegotations are seen. The settings are applied to all remote client
@@ -1031,7 +1034,7 @@ function Server(/* [options], listener */) {
     passphrase: self.passphrase,
     cert: self.cert,
     ca: self.ca,
-    ciphers: self.ciphers || 'RC4-SHA:AES128-SHA:AES256-SHA',
+    ciphers: self.ciphers || DEFAULT_CIPHERS,
     secureProtocol: self.secureProtocol,
     secureOptions: self.secureOptions,
     crl: self.crl,
author	Ben Noordhuis <info@bnoordhuis.nl>	2012-08-22 00:27:13 +0400
committer	Ben Noordhuis <info@bnoordhuis.nl>	2012-08-22 00:27:13 +0400
commit	badbd1af27f5f3fd07862b8ee7d0810e7ae9ef56 (patch)
tree	75d58772b7db876a79d2bb2599607cc18c6474f3 /lib
parent	7c75ca7182872c95c798e192ed28c1c610b1024b (diff)