#
cipher_list = "DEFAULT"
+ # If enabled, OpenSSL will use server cipher list
+ # (possibly defined by cipher_list option above)
+ # for choosing right cipher suite rather than
+ # using client-specified list which is OpenSSl default
+ # behavior. Having it set to yes is a current best practice
+ # for TLS
+ cipher_server_preference = no
+
# Work-arounds for OpenSSL nonsense
# OpenSSL 1.0.1f and 1.0.1g do not calculate
# the EAP keys correctly. The fix is to upgrade
# If "enable = no" below, you CANNOT enable resumption for just one
# user by setting the above attribute to "yes".
#
- enable = yes
+ enable = no
#
# Lifetime of the cached entries, in hours. The sessions will be