Harden the TLS connection cipher suites

1 files changed, 26 insertions, 0 deletions

diff --git a/src/main/java/eu/siacs/conversations/Config.java b/src/main/java/eu/siacs/conversations/Config.java
index 6fe13d93..b269dedf 100644
--- a/src/main/java/eu/siacs/conversations/Config.java
+++ b/src/main/java/eu/siacs/conversations/Config.java
@@ -29,6 +29,32 @@ public final class Config {
 	public static final long MAM_MAX_CATCHUP =  MILLISECONDS_IN_DAY / 2;
 	public static final int MAM_MAX_MESSAGES = 500;
 
+	public static final String ENABLED_CIPHERS[] = {
+		"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+		"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA384",
+		"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA256",
+		"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+		"TLS_ECDHE_RSA_AES_128_SHA",
+		"TLS_ECDHE_RSA_AES_256_SHA",
+
+		"TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
+		"TLS_DHE_RSA_WITH_AES_128_GCM_SHA384",
+		"TLS_DHE_RSA_WITH_AES_256_GCM_SHA256",
+		"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
+
+		"TLS_DHE_RSA_WITH_CAMELLIA_256_SHA",
+
+		// Fallback.
+		"TLS_RSA_WITH_AES_128_GCM_SHA256",
+		"TLS_RSA_WITH_AES_128_GCM_SHA384",
+		"TLS_RSA_WITH_AES_256_GCM_SHA256",
+		"TLS_RSA_WITH_AES_256_GCM_SHA384",
+		"TLS_RSA_WITH_AES_128_CBC_SHA256",
+		"TLS_RSA_WITH_AES_128_CBC_SHA384",
+		"TLS_RSA_WITH_AES_256_CBC_SHA256",
+		"TLS_RSA_WITH_AES_256_CBC_SHA384"
+	};
+
 	private Config() {
 
 	}