--- a/sx/ssl.c
+++ b/sx/ssl.c
@@ -989,7 +989,7 @@ int sx_ssl_server_addcert(sx_plugin_t p,
// Set allowed ciphers. if non set, at least always disable NULL and export
if (!ciphers)
- ciphers = "!aNULL:!eNULL:!EXP:" SSL_DEFAULT_CIPHER_LIST;
+ ciphers = "PROFILE=SYSTEM";
_sx_debug(ZONE, "Restricting TLS ciphers to %s", ciphers);
if (SSL_CTX_set_cipher_list(ctx, ciphers) != 1) {
_sx_debug(ZONE, "Can't set cipher list for SSL context: %s", ERR_error_string(ERR_get_error(), NULL));