From 815e3182680c37b2bb4abb57dc4908d2b4169a0f Mon Sep 17 00:00:00 2001
From: Julien Boeuf <jboeuf@google.com>
Date: Thu, 20 Apr 2017 13:20:32 -0700
Subject: [PATCH] Removing cipher suites blacklisted in HTTP2.

See http://httpwg.org/specs/rfc7540.html#BadCipherSuites
---
 src/core/lib/security/transport/security_connector.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/core/lib/security/transport/security_connector.c b/src/core/lib/security/transport/security_connector.c
index a7a5d65caf..b208c78cac 100644
--- a/src/core/lib/security/transport/security_connector.c
+++ b/src/core/lib/security/transport/security_connector.c
@@ -79,8 +79,7 @@ void grpc_set_ssl_roots_override_callback(grpc_ssl_roots_override_callback cb) {
 /* Defines the cipher suites that we accept by default. All these cipher suites
    are compliant with HTTP2. */
 #define GRPC_SSL_CIPHER_SUITES                                            \
-  "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-" \
-  "SHA384:ECDHE-RSA-AES256-GCM-SHA384"
+  "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384"
 
 static gpr_once cipher_suites_once = GPR_ONCE_INIT;
 static const char *cipher_suites = NULL;
-- 
GitLab