(PUP-3467) Update webrick ciphersuites to match passenger
Previously, puppet's webrick server did not specify which ciphersuites
it would accept. Depending on the ruby and openssl, the default set of
ciphersuites is:
$ ruby -ropenssl -e 'puts OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:ciphers]' ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
Note that "ALL:!ADH" does not exclude AECDH, and the default param
string includes "LOW", e.g. DES-CBC-SHA.
This commit updates the webrick ciphersuites to match the value used
in passenger in commit 204b2974b. The resulting ciphersuites are:
[["DHE-RSA-AES256-GCM-SHA384", "TLSv1/SSLv3", 256, 256], ["DHE-RSA-AES256-SHA256", "TLSv1/SSLv3", 256, 256], ["ECDHE-RSA-AES256-GCM-SHA384", "TLSv1/SSLv3", 256, 256], ["ECDHE-RSA-AES256-SHA384", "TLSv1/SSLv3", 256, 256], ["DHE-RSA-AES128-GCM-SHA256", "TLSv1/SSLv3", 128, 128], ["DHE-RSA-AES128-SHA256", "TLSv1/SSLv3", 128, 128], ["ECDHE-RSA-AES128-GCM-SHA256", "TLSv1/SSLv3", 128, 128], ["ECDHE-RSA-AES128-SHA256", "TLSv1/SSLv3", 128, 128], ["DHE-RSA-CAMELLIA256-SHA", "TLSv1/SSLv3", 256, 256], ["DHE-RSA-AES256-SHA", "TLSv1/SSLv3", 256, 256], ["ECDHE-RSA-AES256-SHA", "TLSv1/SSLv3", 256, 256], ["DHE-RSA-CAMELLIA128-SHA", "TLSv1/SSLv3", 128, 128], ["DHE-RSA-AES128-SHA", "TLSv1/SSLv3", 128, 128], ["ECDHE-RSA-AES128-SHA", "TLSv1/SSLv3", 128, 128], ["CAMELLIA256-SHA", "TLSv1/SSLv3", 256, 256], ["AES256-SHA", "TLSv1/SSLv3", 256, 256], ["CAMELLIA128-SHA", "TLSv1/SSLv3", 128, 128], ["AES128-SHA", "TLSv1/SSLv3", 128, 128]]