Remove RC4 ciphersuites by default
diff --git a/ChangeLog b/ChangeLog
index 8fbdabf..b0900d2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -26,7 +26,8 @@
* Remove test program o_p_test, the script compat.sh does more.
* Remove test program ssl_test, superseded by ssl-opt.sh.
* Remove helper script active-config.pl
- * RC4 is now disabled by default in the SSL/TLS layer.
+ * RC4 is now blacklisted by default in the SSL/TLS layer, and excluded from the
+ default ciphersuite list returned by ssl_list_ciphersuites()
= mbed TLS 1.3 branch
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 8b2a858..32a9fff 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -365,7 +365,7 @@
*
* Uncomment this macro to remove RC4 ciphersuites by default.
*/
-//#define POLARSSL_REMOVE_ARC4_CIPHERSUITES
+#define POLARSSL_REMOVE_ARC4_CIPHERSUITES
/**
* \def POLARSSL_ECP_XXXX_ENABLED