update default -rpcsslciphers to include TLSv1.2

- this extends the accepted ciphersuites with TLSv1.2 ones - also removes !AH, as I could not find documentation on it and the change did not result in a changed ciphersuite list (checked via openssl ciphers -v) - closes #3096 (which also contains more details)
author: Philip Kaufmann <phil.kaufmann@t-online.de> 2013-10-17 16:11:25 +0200
committer: Philip Kaufmann <phil.kaufmann@t-online.de> 2013-10-17 16:11:25 +0200
commit: 1728bf0873590c6905e892044f9f87ee97ff3dbc (patch)
tree: 8c8c8b66351b6f24953532710ea5d0b09fce387c /src/bitcoinrpc.cpp
parent: a5bba245a3a5fabd037b3812e9d987dfc94a8fcf (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/bitcoinrpc.cpp b/src/bitcoinrpc.cpp
index 798660dff3..2a9ced509c 100644
--- a/src/bitcoinrpc.cpp
+++ b/src/bitcoinrpc.cpp
@@ -809,7 +809,7 @@ void StartRPCThreads()
         if (filesystem::exists(pathPKFile)) rpc_ssl_context->use_private_key_file(pathPKFile.string(), ssl::context::pem);
         else LogPrintf("ThreadRPCServer ERROR: missing server private key file %s\n", pathPKFile.string().c_str());
 
-        string strCiphers = GetArg("-rpcsslciphers", "TLSv1+HIGH:!SSLv2:!aNULL:!eNULL:!AH:!3DES:@STRENGTH");
+        string strCiphers = GetArg("-rpcsslciphers", "TLSv1.2+HIGH:TLSv1+HIGH:!SSLv2:!aNULL:!eNULL:!3DES:@STRENGTH");
         SSL_CTX_set_cipher_list(rpc_ssl_context->impl(), strCiphers.c_str());
     }
author	Philip Kaufmann <phil.kaufmann@t-online.de>	2013-10-17 16:11:25 +0200
committer	Philip Kaufmann <phil.kaufmann@t-online.de>	2013-10-17 16:11:25 +0200
commit	1728bf0873590c6905e892044f9f87ee97ff3dbc (patch)
tree	8c8c8b66351b6f24953532710ea5d0b09fce387c /src/bitcoinrpc.cpp
parent	a5bba245a3a5fabd037b3812e9d987dfc94a8fcf (diff)