From b6c4178f0ab7c49abd6e795708beddaf7b766137 Mon Sep 17 00:00:00 2001
From: Pavel Pavlenko
Date: Wed, 9 Dec 2015 11:10:55 +0300
Subject: [PATCH] Remove ECDHE-RSA-3DES-EDE-CBC-SHA and RSA-3DES-EDE-CBC-SHA from the default TLS config
---
 caddy/setup/tls.go | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/caddy/setup/tls.go b/caddy/setup/tls.go
index 4e5f7f9d2..abec2d523 100644
--- a/caddy/setup/tls.go
+++ b/caddy/setup/tls.go
@@ -91,6 +91,9 @@ func SetDefaultTLSParams(c *server.Config) {
 // If no ciphers provided, use all that Caddy supports for the protocol
 if len(c.TLS.Ciphers) == 0 {
 c.TLS.Ciphers = supportedCiphers
+
+ // Remove ECDHE-RSA-3DES-EDE-CBC-SHA and RSA-3DES-EDE-CBC-SHA from the default TLS config
+ c.TLS.Ciphers = c.TLS.Ciphers[:len(c.TLS.Ciphers)-2]
 }

 // Not a cipher suite, but still important for mitigating protocol downgrade attacks
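Review bot: The new line `c.TLS.Ciphers = c.TLS.Ciphers[:len(c.TLS.Ciphers)-2]` drops the two 3DES suites purely by position, so it is only correct while they remain the last two entries of `supportedCiphers`, which is declared outside this hunk; any reordering or appended suite would silently put 3DES back in the defaults or remove a different suite. The re-slice also still shares its backing array with `supportedCiphers` and now has spare capacity, so if the code after the hunk appends to `c.TLS.Ciphers` (the trailing comment suggests it does, but the statement is not visible) that append would write into the package-level list. A separate `defaultCiphers` list declared beside `supportedCiphers` would remove the ordering dependency; as a minimum, cap the slice with `c.TLS.Ciphers = supportedCiphers[:len(supportedCiphers)-2:len(supportedCiphers)-2]` so a later append reallocates. SetDefaultTLSParams begins and ends outside the hunk.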