As various ssl implementations have different ideas about which dh key lengths are acceptable, refrain from standard dh altogether (and not only from anonymous dh) to avoid handshake problems.
Signed-off-by: Klaus Aehlig <[email protected]> --- src/Ganeti/Constants.hs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Ganeti/Constants.hs b/src/Ganeti/Constants.hs index 86c8c95..7291957 100644 --- a/src/Ganeti/Constants.hs +++ b/src/Ganeti/Constants.hs @@ -609,7 +609,7 @@ rsaKeyBits = 2048 -- after it's been removed. Use the "openssl" utility to check the -- allowed ciphers, e.g. "openssl ciphers -v HIGH:-DES". opensslCiphers :: String -opensslCiphers = "HIGH:-DES:-3DES:-EXPORT:-ADH" +opensslCiphers = "HIGH:-DES:-3DES:-EXPORT:-DH" -- * X509 -- 2.6.0.rc2.230.g3dd15c0
