ssl: Always prefer AES over 3DES

AES256 was preferred over 3DES already, so this only makes sure AES128
is preferred over 3DES also. This changes the default but probably
nobody will notice as a better algorithm will be chosen anyhow.

1 files changed, 9 insertions, 9 deletions

diff --git a/lib/ssl/src/tls_v1.erl b/lib/ssl/src/tls_v1.erl
index 7f24ce5192..32bcdf71c3 100644
--- a/lib/ssl/src/tls_v1.erl
+++ b/lib/ssl/src/tls_v1.erl
@@ -204,21 +204,21 @@ suites(Minor) when Minor == 1; Minor == 2 ->
       ?TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
       ?TLS_RSA_WITH_AES_256_CBC_SHA,
 
-      ?TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
-      ?TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
-      ?TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
-      ?TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
-      ?TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
-      ?TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
-      ?TLS_RSA_WITH_3DES_EDE_CBC_SHA,
-
       ?TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
       ?TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
       ?TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
       ?TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
       ?TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
       ?TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
-      ?TLS_RSA_WITH_AES_128_CBC_SHA
+      ?TLS_RSA_WITH_AES_128_CBC_SHA,
+
+      ?TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
+      ?TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
+      ?TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
+      ?TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
+      ?TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
+      ?TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
+      ?TLS_RSA_WITH_3DES_EDE_CBC_SHA
     ];
 suites(3) ->
     [