
ssl_cipher_list defaults to NULL. Added a few example settings to the documentation.

Mateusz Gralka 9 роки тому
батько
коміт
e6bbd20f2f
2 змінених файлів з 17 додано та 8 видалено
  1. 10 3
      docs/UserManual.md
  2. 7 5
      src/civetweb.c

+ 10 - 3
docs/UserManual.md

@@ -410,9 +410,16 @@ Loads default trusted certificates locations set at openssl compile time.
 ### ssl_forward_secrecy `yes`
 Enable [forward secrecy](https://en.wikipedia.org/wiki/Forward_secrecy).
 
-### ssl_cipher_list `ALL`
-List of ciphers, specified in OpenSSL format, to present to the client.
-See [this entry](https://www.openssl.org/docs/manmaster/apps/ciphers.html) in OpenSSL documentation for details.
+### ssl_cipher_list
+List of ciphers to present to the client. Entries should be separated by 
+colons, commas or spaces.
+
+    ALL           All available ciphers
+    ALL:!eNULL    All ciphers excluding NULL ciphers
+    AES128:!MD5   AES 128 with digests other than MD5
+
+See [this entry](https://www.openssl.org/docs/manmaster/apps/ciphers.html) in
+OpenSSL documentation for full list of options and additional examples.
 
 # Lua Scripts and Lua Server Pages
 Pre-built Windows and Mac civetweb binaries have built-in Lua scripting

+ 7 - 5
src/civetweb.c

@@ -1094,7 +1094,7 @@ static struct mg_option config_options[] = {
     {"ssl_verify_depth", CONFIG_TYPE_NUMBER, "9"},
     {"ssl_default_verify_paths", CONFIG_TYPE_BOOLEAN, "yes"},
     {"ssl_forward_secrecy", CONFIG_TYPE_BOOLEAN, "yes"},
-    {"ssl_cipher_list", CONFIG_TYPE_STRING, "ALL"},
+    {"ssl_cipher_list", CONFIG_TYPE_STRING, NULL},
 #if defined(USE_WEBSOCKET)
     {"websocket_timeout_ms", CONFIG_TYPE_NUMBER, "30000"},
 #endif
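Review bot: The new `{"ssl_cipher_list", CONFIG_TYPE_STRING, NULL}` entry gives the option a NULL default with no hint of what that means in practice; as far as the hunk shows, NULL is now a sentinel for "do not call SSL_CTX_set_cipher_list at all", so the effective cipher set is whatever the linked OpenSSL library selects by default, which varies by OpenSSL version and build. A trailing comment would make that contract visible to whoever next tunes the table, e.g. `{"ssl_cipher_list", CONFIG_TYPE_STRING, NULL}, /* NULL: keep OpenSSL's own default cipher list */`. Note also that the previous default `ALL` is, under the usual OpenSSL semantics, a very permissive list, so a NULL default presumably tightens the configuration; if that hardening is intended it is worth stating in the user manual next to the option.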
@@ -10279,10 +10279,12 @@ set_ssl_option(struct mg_context *ctx)
 		}
 	}
 
-	if(SSL_CTX_set_cipher_list(ctx->ssl_ctx, ctx->config[SSL_CIPHER_LIST]) != 1) {
-	mg_cry(fc(ctx),
-			"SSL_CTX_set_cipher_list error: %s",
-			ssl_error());
+	if (ctx->config[SSL_CIPHER_LIST] != NULL) {
+		if (SSL_CTX_set_cipher_list(ctx->ssl_ctx, ctx->config[SSL_CIPHER_LIST]) != 1) {
+		mg_cry(fc(ctx),
+				"SSL_CTX_set_cipher_list error: %s",
+				ssl_error());
+		}
 	}
 
 	return 1;
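Review bot: When `SSL_CTX_set_cipher_list` fails, the new block only logs via `mg_cry` and then falls through to `return 1;`, so a typo in `ssl_cipher_list` still lets the server start, with whatever cipher set OpenSSL was left with rather than the one the operator asked for. Since a failure to apply an explicitly configured cipher policy is a configuration error, the function should report it: add `return 0;` after the `mg_cry(...)` call so the caller treats SSL setup as failed. The hunk also has the `mg_cry` call at the same indent as its enclosing `if`, which reads as if it were outside the condition; indenting it one level further would match the surrounding code. `set_ssl_option` begins before this hunk, so I have not checked how the caller handles a 0 return, but the other error paths above presumably already use it.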