-.\" $OpenBSD: relayd.conf.5,v 1.166 2015/10/24 11:37:17 benno Exp $
+.\" $OpenBSD: relayd.conf.5,v 1.167 2015/10/27 12:27:54 benno Exp $
.\"
.\" Copyright (c) 2006 - 2015 Reyk Floeter <reyk@openbsd.org>
.\" Copyright (c) 2006, 2007 Pierre-Yves Ritschard <pyr@openbsd.org>
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd $Mdocdate: October 24 2015 $
+.Dd $Mdocdate: October 27 2015 $
.Dt RELAYD.CONF 5
.Os
.Sh NAME
.It Oo Ic no Oc Ic cipher-server-preference
Prefer the server's cipher list over the client's preferences when
choosing a cipher for the connection;
-disabled by default.
+enabled by default.
.It Oo Ic no Oc Ic client-renegotiation
Allow client-initiated renegotiation;
enabled by default.
-/* $OpenBSD: relayd.h,v 1.214 2015/08/21 08:45:51 yasuoka Exp $ */
+/* $OpenBSD: relayd.h,v 1.215 2015/10/27 12:27:54 benno Exp $ */
/*
* Copyright (c) 2006 - 2015 Reyk Floeter <reyk@openbsd.org>
#define TLSFLAG_CIPHER_SERVER_PREF 0x20
#define TLSFLAG_CLIENT_RENEG 0x40
#define TLSFLAG_DEFAULT \
- (TLSFLAG_TLSV1_2|TLSFLAG_CLIENT_RENEG)
+ (TLSFLAG_TLSV1_2|TLSFLAG_CIPHER_SERVER_PREF|TLSFLAG_CLIENT_RENEG)
#define TLSFLAG_BITS \
"\06\01sslv3\02tlsv1.0\03tlsv1.1\04tlsv1.2" \