Filtered output of openssl ciphers -tls1 according to these criteria:
SHA256 or SHA384 only
only use ciphers with perfect forward secrecy (ECDHE, DHE)
only use RSA
prefer GCM over CBC
only use AES256 or AES128
This leave exactly 8 ciphers as above.
---
Want to back this issue? **[Post a bounty on it!](https://www.bountysource.com/issues/43745375-update-default-ciphers?utm_campaign=plugin&utm_content=tracker%2F462544&utm_medium=issues&utm_source=github)** We accept bounties via [Bountysource](https://www.bountysource.com/?utm_campaign=plugin&utm_content=tracker%2F462544&utm_medium=issues&utm_source=github).
Deprecate SHA1 and use the following ciphers per default:
Filtered output of
openssl ciphers -tls1
according to these criteria:This leave exactly 8 ciphers as above.