Can I change the cipher list that CMDaemon will negotiate with clients?

Yes, this is possible in Bright 6.x with a CMDaemon revision >=17802.

To set the cipher list, the following AdvancedConfig option should be placed in /cm/local/apps/cmd/etc/cmd.conf:

AdvancedConfig = { "CipherList=HIGH" }

Note that if an AdvancedConfig section already exists in the cmd.conf, the CipherList option should be merged into the existing AdvancedConfig section (using commas as separation characters).

For more information about what ciphers are included in a given cipher list, use for example the following command:

openssl ciphers -v HIGH:SHA