+
+/* Ciphersuite preference:
+ * - key exchange: prefer ECDHE, then DHE(client only), then RSA
+ * - prefer AEAD ciphers:
+ * chacha20-poly1305, the fastest in software, 256-bits
+ * aes128-gcm, 128-bits
+ * aes256-gcm, 256-bits
+ * - CBC ciphers
+ * aes128, aes256, 3DES(client only)
+ */
+
+#define ecdhe_ciphers \
+ "ECDHE-ECDSA-CHACHA20-POLY1305:" \
+ "ECDHE-ECDSA-AES128-GCM-SHA256:" \
+ "ECDHE-ECDSA-AES256-GCM-SHA384:" \
+ "ECDHE-ECDSA-AES128-SHA:" \
+ "ECDHE-ECDSA-AES256-SHA:" \
+ "ECDHE-RSA-CHACHA20-POLY1305:" \
+ "ECDHE-RSA-AES128-GCM-SHA256:" \
+ "ECDHE-RSA-AES256-GCM-SHA384:" \
+ "ECDHE-RSA-AES128-SHA:" \
+ "ECDHE-RSA-AES256-SHA"
+
+#define dhe_ciphers \
+ "DHE-RSA-CHACHA20-POLY1305:" \
+ "DHE-RSA-AES128-GCM-SHA256:" \
+ "DHE-RSA-AES256-GCM-SHA384:" \
+ "DHE-RSA-AES128-SHA:" \
+ "DHE-RSA-AES256-SHA:" \
+ "DHE-DES-CBC3-SHA"
+
+#define non_pfs_aes \
+ "AES128-GCM-SHA256:" \
+ "AES256-GCM-SHA384:" \
+ "AES128-SHA:" \
+ "AES256-SHA"
+
+#define server_cipher_list \
+ ecdhe_ciphers ":" \
+ non_pfs_aes
+
+#define client_cipher_list \
+ ecdhe_ciphers ":" \
+ dhe_ciphers ":" \
+ non_pfs_aes ":" \
+ "DES-CBC3-SHA"
+