ssl_secure_ciphers/1

Documentation
- Reference manual
- Packages
  - SWI-Prolog SSL Interface
    - library(ssl): Secure Socket Layer (SSL) library

Availability::- use_module(library(ssl)).(can be autoloaded)

[det]ssl_secure_ciphers(-Ciphers:atom)

Secure ciphers must guarantee forward secrecy, and must mitigate all known critical attacks. As of 2017, using the following ciphers allows you to obtain grade A on https://www.ssllabs.com. For A+, you must also enable HTTP Strict Transport Security (HSTS) by sending a suitable header field in replies.

Note that obsolete ciphers must be disabled to reliably prevent protocol downgrade attacks.

The Ciphers list is read from the setting ssl:secure_ciphers and can be controlled using set_setting/2 and other predicates from library(settings).

BEWARE: This list must be changed when attacks on these ciphers become known! Keep an eye on this setting and adapt it as necessary in the future.