On Tue, Aug 27, 2013 at 12:26:18PM -0700, Bryan Talbot wrote:
> On Sat, Aug 24, 2013 at 4:29 AM, Erwin Schliske <erwin.schli...@sevenval.com
> > wrote:
>
> > bind 0.0.0.0:443 ssl crt /etc/ssl/private/<concat cert + privkey>
> >>>> ciphers ECDHE-RSA-AES256-GCM-SHA384:**ECDHE-ECDSA-AES256-GCM-SHA384:**
> >>>> ECDHE-RSA-AES128-GCM-SHA256:**ECDHE-ECDSA-AES128-GCM-SHA256:**
> >>>> kEDH+AESGCM:ECDHE-RSA-RC4-SHA:**ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-**
> >>>> AES256-SHA384:ECDHE-ECDSA-**AES256-SHA384:ECDHE-RSA-**
> >>>> AES256-SHA:ECDHE-ECDSA-AES256-**SHA:ECDHE-RSA-AES128-SHA256:**
> >>>> ECDHE-ECDSA-AES128-SHA256:**ECDHE-RSA-AES128-SHA:ECDHE-**
> >>>> ECDSA-AES128-SHA:AES256-GCM-**SHA384:AES128-GCM-SHA256:RC4-**
> >>>> SHA:HIGH:!aNULL:!eNULL:!**EXPORT:!DES:!3DES:!MD5:!PSK
> >>>>
> >>>
> > Is it possible to define a cipher list, which is for all https services?
> >
> >
> >
> Not that I know of, but I'd really like to be able to define a default
> cipher list for binds too!

I think that similarly to what we have with "default-server", we'll
eventually end up with a "default-bind" directive to put all this
boring stuff... But not soon unless someone proposes a clean patch :-)

Willy