config.m4: Fix the `acceptable' ciphers list.

Replace `+NORMAL' with the explicit algorithm class wildcards (except
for compression, which I leave turned off).  This completely broke TLS
negotiation for outside senders. :-(

diff --git a/config.m4 b/config.m4
index 1731d59403fd53adf1c4a2d26f397cc5f699ca14..5cabfebb68b55d7df4fab9aaa1195a345f6a1ac3 100644 (file)
--- a/config.m4
+++ b/config.m4
@@ -97,12 +97,19 @@ DEFCONF(good_ciphers, NONE<::>m4_dnl
 :+COMP-NULL<::>m4_dnl
 )
 DEFCONF(acceptable_ciphers, NONE<::>m4_dnl
+:+VERS-TLS-ALL<::>m4_dnl
 :+ECDHE-RSA:+ECDHE-ECDSA<::>m4_dnl
+:+KX-ALL<::>m4_dnl
+:+SIGN-ALL<::>m4_dnl
+:+CTYPE-ALL<::>m4_dnl
 :+CHACHA20-POLY1305<::>m4_dnl
 :+AES-256-GCM:+AES-128-GCM<::>m4_dnl
+:+CIPHER-ALL<::>m4_dnl
 :+CURVE-X25519<::>m4_dnl
+:+CURVE-ALL<::>m4_dnl
 :+AEAD<::>m4_dnl
-:+NORMAL<::>m4_dnl
+:+MAC-ALL<::>m4_dnl
+:+COMP-NULL<::>m4_dnl
 :-MD5<::>m4_dnl
 )