From 6d2fb4ff436c9a9c064199fdc5468cd8a1a8a993 Mon Sep 17 00:00:00 2001
From: Dirk Engling <erdgeist@erdgeist.org>
Date: Wed, 21 Jan 2026 23:53:16 +0100
Subject: Add new default ciphersuite for tls1.3 in mbedtls, so that the server
 and client can find common ciphers

---
 vchat-tls.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/vchat-tls.c b/vchat-tls.c
index 05df4d2..e230487 100644
--- a/vchat-tls.c
+++ b/vchat-tls.c
@@ -510,7 +510,7 @@ int vc_mbedtls_connect(const char *servername, int serverfd, vc_x509store_t *vc_
 
   char *ciphers = getstroption(CF_CIPHERSUITE);
   if (!ciphers)
-    ciphers = "ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA";
+    ciphers = "TLS1-3-AES-256-GCM-SHA384:TLS1-3-AES-128-GCM-SHA256:TLS1-3-AES-128-CCM-SHA256:TLS1-3-AES-128-CCM-8-SHA256:TLS1-3-CHACHA20-POLY1305-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA";
   ciphers = strdup(ciphers);
   for (token = strtok(ciphers, ":"); token && suitecount < MAX_SUITES - 1;
        token = strtok(NULL, ":")) {
-- 
cgit v1.2.3