Remove GCM cipher mode requirements for fallback ciphersuites SecureTransport of MacOS/iOS does not support GCM cipher mode with ECDHE-ECDSA/ECDHE-RSA key-exchange algorithms even though they seem to claim that they do. This is supposedly fixed in MacOS 10.11 but that one is not out yet. Using "meta" suite from BoringSSL to support strong encryption algorithms with a bit more leeway, not just 4 we used to hardcode. BUG: 24468826 Change-Id: Ie62a9b11584b6745848090888b7d9e1fe50e90ee

commit: 1e68f5d827a859ba3b7ab6a70a60247e0b96afa5 [log] [tgz]
author: Alex Vakulenko <avakulenko@google.com> Mon Sep 28 16:28:19 2015 -0700
committer: Alex Vakulenko <avakulenko@google.com> Mon Sep 28 16:49:51 2015 -0700
tree: f4870aa1e3cef0f3e60477bc7dad546cef101409
parent: 98eba18fb11e5d2d4f7cdadd03c24f69ee2bd32e [diff]
diff --git a/src/microhttpd/daemon.c b/src/microhttpd/daemon.c
index 40059cf..9247fba 100644
--- a/src/microhttpd/daemon.c
+++ b/src/microhttpd/daemon.c

@@ -704,10 +704,7 @@
   else
     {
       ret = SSL_CTX_set_cipher_list (daemon->tls_context,
-                                     "ECDHE-ECDSA-AES128-GCM-SHA256:"
-                                     "ECDHE-ECDSA-AES256-GCM-SHA384:"
-                                     "ECDHE-RSA-AES128-GCM-SHA256:"
-                                     "ECDHE-RSA-AES256-GCM-SHA384");
+                                     "HIGH!SHA1!DH@STRENGTH");
       if (ret == 0)
          {
 #if HAVE_MESSAGES
commit	1e68f5d827a859ba3b7ab6a70a60247e0b96afa5	[log] [tgz]
author	Alex Vakulenko <avakulenko@google.com>	Mon Sep 28 16:28:19 2015 -0700
committer	Alex Vakulenko <avakulenko@google.com>	Mon Sep 28 16:49:51 2015 -0700
tree	f4870aa1e3cef0f3e60477bc7dad546cef101409
parent	98eba18fb11e5d2d4f7cdadd03c24f69ee2bd32e [diff]