From 7d41009a9c10e54d0b287e6094cc89c14fc1a95c Mon Sep 17 00:00:00 2001
From: Steven Fackler
Date: Sat, 16 Sep 2017 13:10:55 -0400
Subject: [PATCH] Update default client cipher list
---
 openssl/src/ssl/connector.rs | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/openssl/src/ssl/connector.rs b/openssl/src/ssl/connector.rs
index 24d938fb..8f568054 100644
--- a/openssl/src/ssl/connector.rs
+++ b/openssl/src/ssl/connector.rs
@@ -66,10 +66,13 @@ impl SslConnectorBuilder {
 pub fn new(method: SslMethod) -> Result {
 let mut ctx = try!(ctx(method));
 try!(ctx.set_default_verify_paths());
- // From https://github.com/python/cpython/blob/c30098c8c6014f3340a369a31df9c74bdbacc269/Lib/ssl.py#L191
+ // From https://github.com/python/cpython/blob/a170fa162dc03f0a014373349e548954fff2e567/Lib/ssl.py#L193
 try!(ctx.set_cipher_list(
- "ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:DH+CHACHA20:ECDH+AES256:DH+AES256:ECDH+AES128:\
- DH+AES:ECDH+HIGH:DH+HIGH:RSA+AESGCM:RSA+AES:RSA+HIGH:!aNULL:!eNULL:!MD5:!3DES",
+ "TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:\
+ TLS13-AES-128-GCM-SHA256:\
+ ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:DH+CHACHA20:ECDH+AES256:DH+AES256:\
+ ECDH+AES128:DH+AES:ECDH+HIGH:DH+HIGH:RSA+AESGCM:RSA+AES:RSA+HIGH:\
+ !aNULL:!eNULL:!MD5:!3DES"
 ));
 setup_verify(&mut ctx);
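Review bot: The three `TLS13-*` entries added at the head of the string passed to `set_cipher_list` use names that, as far as I know, only OpenSSL 1.1.1 pre-release builds recognised. The released 1.1.1 renamed the TLS 1.3 suites and configures them through a separate call (`SSL_CTX_set_ciphersuites`), so on other builds these entries are most likely skipped without an error and have no effect on what is negotiated. Because this string is the default for every client connector, the comment above it should say so, for example `// TLS13-* names apply to OpenSSL 1.1.1 pre-releases only; other versions ignore them and the TLS 1.2 entries below decide.` A test that builds a connector against each supported OpenSSL version would confirm the list is still accepted everywhere. The body of `new` continues past the end of the hunk.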