Harden default TLS configuration (RIPD-1332, RIPD-1333, RIPD-1334):

The existing configuration includes 512 and 1024 bit DH
parameters and supports ciphers such as RC4 and 3DES and
hash algorithms like SHA-1 which are no longer considered
secure.

Going forward, use only 2048-bit DH parameters and define
a new default set of modern ciphers to use:

    HIGH:!aNULL:!MD5:!DSS:!SHA1:!3DES:!RC4:!EXPORT:!DSS

Additionally, allow administrators who wish to have different
settings to configure custom global and per-port ciphers suites
in the configuration file using the `ssl_ciphers` directive.

doc/rippled-example.cfg

@@ -260,6 +260,19 @@
 #           If you need a certificate chain, specify the path to the
 #           certificate chain here. The chain may include the end certificate.
 #
+#   ssl_ciphers = <cipherlist>
+#
+#       Control the ciphers which the server will support over SSL on the port,
+#       specified using the OpenSSL "cipher list format".
+#
+#       NOTE    If unspecified, rippled will automatically configure a modern
+#               cipher suite. This default suite should be widely supported.
+#
+#               You should not modify this string unless you have a specific
+#               reason and cryptographic expertise. Incorrect modification may
+#               keep rippled from connecting to other instances of rippled or
+#               prevent RPC and WebSocket clients from connecting.
+#
 #
 #
 # [rpc_startup]