Consistently have the namespace closing comment

[folly.git] / folly / io / async / SSLOptions.h

diff --git a/folly/io/async/SSLOptions.h b/folly/io/async/SSLOptions.h
index 94dc8ed188f4968f0d35e84546d96940a72fb434..a808d55771d14603d630890bab222308f2639425 100644 (file)
--- a/folly/io/async/SSLOptions.h
+++ b/folly/io/async/SSLOptions.h
@@ -24,7 +24,7 @@ namespace ssl {
 
 namespace ssl_options_detail {
 void logDfatal(std::exception const&);
-}
+} // namespace ssl_options_detail
 
 struct SSLCommonOptions {
   /**
@@ -66,6 +66,28 @@ struct SSLCommonOptions {
   static void setClientOptions(SSLContext& ctx);
 };
 
+/**
+ * Recommended SSL options for server-side scenario.
+ */
+struct SSLServerOptions {
+  /**
+   * The list of ciphers recommended for server use.
+   */
+  static constexpr auto kCipherList = folly::make_array(
+      "ECDHE-ECDSA-AES128-GCM-SHA256",
+      "ECDHE-ECDSA-AES256-GCM-SHA384",
+      "ECDHE-ECDSA-AES128-SHA",
+      "ECDHE-ECDSA-AES256-SHA",
+      "ECDHE-RSA-AES128-GCM-SHA256",
+      "ECDHE-RSA-AES256-GCM-SHA384",
+      "ECDHE-RSA-AES128-SHA",
+      "ECDHE-RSA-AES256-SHA",
+      "AES128-GCM-SHA256",
+      "AES256-GCM-SHA384",
+      "AES128-SHA",
+      "AES256-SHA");
+};
+
 /**
  * Set the cipher suite of ctx to that in TSSLOptions, and print any runtime
  * error it catches.