tighten default TLS parameters

source/Network/Xmpp/Tls.hs

@@ -39,13 +39,9 @@ starttlsE = Element "{urn:ietf:params:xml:ns:xmpp-tls}starttls" [] []
 
 exampleParams :: TLSParams
 exampleParams = defaultParamsClient
-    { pConnectVersion    = TLS10
+    { pConnectVersion    = TLS12
-    , pAllowedVersions   = [SSL3, TLS10, TLS11]
+    , pAllowedVersions   = [TLS12]
-    , pCiphers           = [cipher_AES128_SHA1]
+    , pCiphers           = ciphersuite_strong
-    , pCompressions      = [nullCompression]
-    , pUseSecureRenegotiation = False -- No renegotiation
-    , onCertificatesRecv = \_certificate ->
-          return CertificateUsageAccept
     }
 
 -- Pushes "<starttls/>, waits for "<proceed/>", performs the TLS handshake, and