From df4dc7b41f6c4c383479ba2b760bfa32e72c3cb0 Mon Sep 17 00:00:00 2001
From: Philipp Balzarek <p.balzarek@googlemail.com>
Date: Fri, 8 Mar 2013 13:12:04 +0100
Subject: [PATCH] tighten default TLS parameters

---
 source/Network/Xmpp/Tls.hs | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/source/Network/Xmpp/Tls.hs b/source/Network/Xmpp/Tls.hs
index f684beb..4ebaa71 100644
--- a/source/Network/Xmpp/Tls.hs
+++ b/source/Network/Xmpp/Tls.hs
@@ -39,13 +39,9 @@ starttlsE = Element "{urn:ietf:params:xml:ns:xmpp-tls}starttls" [] []
 
 exampleParams :: TLSParams
 exampleParams = defaultParamsClient
-    { pConnectVersion    = TLS10
-    , pAllowedVersions   = [SSL3, TLS10, TLS11]
-    , pCiphers           = [cipher_AES128_SHA1]
-    , pCompressions      = [nullCompression]
-    , pUseSecureRenegotiation = False -- No renegotiation
-    , onCertificatesRecv = \_certificate ->
-          return CertificateUsageAccept
+    { pConnectVersion    = TLS12
+    , pAllowedVersions   = [TLS12]
+    , pCiphers           = ciphersuite_strong
     }
 
 -- Pushes "<starttls/>, waits for "<proceed/>", performs the TLS handshake, and