From b45baaa158665d936fce0ca6586ec0e76bb7871c Mon Sep 17 00:00:00 2001
From: Jadyn <github@dl6jj.de>
Date: Tue, 15 Jun 2021 19:14:34 +0200
Subject: [PATCH] Disable use of deprecated Ciphers (#34)

* Disable use of depricated Ciphers

Old ciphers shouldn't be used. Devices that use newer ciphers couldn't be reached as the cipher was locked to sslv3.

* chore: add changelog fragment
---
 changelogs/fragments/34-api-ciphers.yml | 2 ++
 plugins/modules/api.py                  | 1 -
 2 files changed, 2 insertions(+), 1 deletion(-)
 create mode 100644 changelogs/fragments/34-api-ciphers.yml

diff --git a/changelogs/fragments/34-api-ciphers.yml b/changelogs/fragments/34-api-ciphers.yml
new file mode 100644
index 0000000..cf722b3
--- /dev/null
+++ b/changelogs/fragments/34-api-ciphers.yml
@@ -0,0 +1,2 @@
+bugfixes:
+- "api - when using TLS/SSL, remove explicit cipher configuration to insecure values, which also makes it impossible to connect to newer RouterOS versions (https://github.com/ansible-collections/community.routeros/pull/34)."
diff --git a/plugins/modules/api.py b/plugins/modules/api.py
index bb5d7a8..9ad6031 100644
--- a/plugins/modules/api.py
+++ b/plugins/modules/api.py
@@ -451,7 +451,6 @@ class ROS_api_module:
                     conn_status["connection"]["port"] = port
                 ctx = ssl.create_default_context()
                 ctx.check_hostname = False
-                ctx.set_ciphers('ADH:@SECLEVEL=0')
                 api = connect(username=username,
                               password=password,
                               host=host,