We shouldn't hardcode a list of ciphers. It should always be a runtime configurable list. Furthermore, restricting the ciphers is only part of the security recommendations: TLS methods, curves and so on must also be considered.
This patch deprecates the constants and makes the related methods as NOOP since they didn't work as expected on OpenSSL 1.1 and later, as they only changed the cipher suites for TLS v1.3 (identical to default, at least for OpenSSL 1.1.1f) and didn't change the ciphers list for TLS v1.2 and below (oops).
We shouldn't hardcode a list of ciphers. It should always be a runtime configurable list. Furthermore, restricting the ciphers is only part of the security recommendations: TLS methods, curves and so on must also be considered.
This patch deprecates the constants and makes the related methods as NOOP since they didn't work as expected on OpenSSL 1.1 and later, as they only changed the cipher suites for TLS v1.3 (identical to default, at least for OpenSSL 1.1.1f) and didn't change the ciphers list for TLS v1.2 and below (oops).
follow up to #14655 and #14656