ircd::net::acceptor: Add conf::item to specify a default whitelist of ciphers in openssl format.

include/ircd/net/acceptor.h

@@ -25,6 +25,7 @@ struct ircd::net::acceptor
 
 	static log::log log;
 	static conf::item<milliseconds> timeout;
+	static conf::item<std::string> ssl_cipher_list;
 
 	net::listener *listener_;
 	std::string name;

ircd/net.cc

@@ -1102,6 +1102,13 @@ ircd::net::acceptor::timeout
 	{ "default",  12000L                      },
 };
 
+decltype(ircd::net::acceptor::ssl_cipher_list)
+ircd::net::acceptor::ssl_cipher_list
+{
+	{ "name",     "ircd.net.acceptor.ssl.cipher.list" },
+	{ "default",  string_view{}                       },
+};
+
 std::ostream &
 ircd::net::operator<<(std::ostream &s, const acceptor &a)
 {
@@ -1559,6 +1566,12 @@ ircd::net::acceptor::configure(const json::object &opts)
 		assert(ssl.native_handle());
 		openssl::set_cipher_list(*ssl.native_handle(), list);
 	}
+	else if(!empty(string_view(ssl_cipher_list)))
+	{
+		assert(ssl.native_handle());
+		const string_view &list(ssl_cipher_list);
+		openssl::set_cipher_list(*ssl.native_handle(), list);
+	}
 
 	if(!empty(unquote(opts["ssl_curve_list"])))
 	{