Don't change OpenSSL default cipher suites (#14655)

crystal-lang · Jun 4, 2024 · 42545bc · 42545bc
1 parent 4bc7202
commit 42545bc
Showing 1 changed file with 0 additions and 8 deletions.
diff --git a/src/openssl/ssl/context.cr b/src/openssl/ssl/context.cr
@@ -40,17 +40,13 @@ abstract class OpenSSL::SSL::Context
     # context = OpenSSL::SSL::Context::Client.new
     # context.add_options(OpenSSL::SSL::Options::NO_SSL_V2 | OpenSSL::SSL::Options::NO_SSL_V3)
     # ```
-    #
-    # It uses `CIPHERS_OLD` compatibility level by default.
     def initialize(method : LibSSL::SSLMethod = Context.default_method)
       super(method)
 
       self.verify_mode = OpenSSL::SSL::VerifyMode::PEER
       {% if LibSSL.has_method?(:x509_verify_param_lookup) %}
         self.default_verify_param = "ssl_server"
       {% end %}
-
-      self.ciphers = CIPHERS_OLD
     end
 
     # Returns a new TLS client context with only the given method set.
@@ -128,8 +124,6 @@ abstract class OpenSSL::SSL::Context
     # context = OpenSSL::SSL::Context::Server.new
     # context.add_options(OpenSSL::SSL::Options::NO_SSL_V2 | OpenSSL::SSL::Options::NO_SSL_V3)
     # ```
-    #
-    # It uses `CIPHERS_INTERMEDIATE` compatibility level by default.
     def initialize(method : LibSSL::SSLMethod = Context.default_method)
       super(method)
 
@@ -138,8 +132,6 @@ abstract class OpenSSL::SSL::Context
       {% end %}
 
       set_tmp_ecdh_key(curve: LibCrypto::NID_X9_62_prime256v1)
-
-      self.ciphers = CIPHERS_INTERMEDIATE
     end
 
     # Returns a new TLS server context with only the given method set.