Improve proxy.config.ssl.client.cipher_suite defaults

[djcarlin]

proxy.config.ssl.server.cipher_suite has a default list of ciphers, but the proxy.config.ssl.client.cipher_suite default list is NULL (everything openssl supports). One of our devs noticed this causes TLS negotiation failures with some 3rd party origins when using ATS as a forward proxy for external origins.

Should the proxy.config.ssl.client.cipher_suite default at a minimum match default value of proxy.config.ssl.server.cipher_suite? This solved our problems vs. using NULL.

May want to review contents of proxy.config.ssl.server.cipher_suite anyways. And add proxy.config.ssl.client.cipher_suite to the docs.

[bryancall]

@shinrich Can you set a default value for proxy.config.ssl.client.cipher_suite?

[shinrich]

Will work on that. May want the default to be broader for the ATS acting as a client? I think in our forward proxy mode deployment that is what we do. But unclear how much broader. Will review and put up a PR next week.

[zwoop]

Maybe also do an overhaul of the current defaults for all cipher configs? Running e.g. sslabs on Docs:

https://www.ssllabs.com/ssltest/analyze.html?d=docs.trafficserver.apache.org&s=104.239.143.16&latest

[shinrich]

Should also set defaults for the TLS1.3 ciphers.