[libvirt-users] Disable weak ciphers in vnc_tls

Dear libvirt team, we a currently in a pci-dss certification process and our security scanner found weak ciphers in the vlc_tls service on our centos6 box: When I scan using sslscan I can see that sslv3 and rc4 is accepted: inf0rmix@tardis:~$ sslscan myhost:16514 | grep Accepted Accepted SSLv3 256 bits DHE-RSA-AES256-SHA Accepted SSLv3 256 bits AES256-SHA Accepted SSLv3 128 bits DHE-RSA-AES128-SHA Accepted SSLv3 128 bits AES128-SHA Accepted SSLv3 128 bits RC4-SHA Accepted SSLv3 128 bits RC4-MD5 Accepted SSLv3 112 bits EDH-RSA-DES-CBC3-SHA Accepted SSLv3 112 bits DES-CBC3-SHA Accepted TLSv1 256 bits DHE-RSA-AES256-SHA Accepted TLSv1 256 bits DHE-RSA-CAMELLIA256-SHA Accepted TLSv1 256 bits AES256-SHA Accepted TLSv1 256 bits CAMELLIA256-SHA Accepted TLSv1 128 bits DHE-RSA-AES128-SHA Accepted TLSv1 128 bits DHE-RSA-CAMELLIA128-SHA Accepted TLSv1 128 bits AES128-SHA Accepted TLSv1 128 bits CAMELLIA128-SHA Accepted TLSv1 128 bits RC4-SHA Accepted TLSv1 128 bits RC4-MD5 Accepted TLSv1 112 bits EDH-RSA-DES-CBC3-SHA Accepted TLSv1 112 bits DES-CBC3-SHA how do we turn it off and only allow tlv>=1.1 Kind regards, Matthias Fenner