I would like to contribute this suggestion (assuming nobody has already) : ssl_cipher_list = TLSv1+HIGH:!SSLv2:!aNULL:!eNULL:!3DES:!PSK:@STRENGTH I have not tested it incredibly thoroughly, but I do believe the @STRENGTH at the end is the little secret that puts the order into the chaos.