ECHDE ciphers and cipher strings to be possibly manually defined
Firstly, please add support for ECDHE (EECDH) ciphers so user connections to bip can be handled with perfect forward secrecy. You already based your DHE code on postfix, and postfix also includes fairly neat ECDHE support, so perhaps you can again base your solution on theirs. This is hardly time-consuming or difficult to do and will make bip ready for modern SSL/TSL.
Secondly, please add an option to specify a cipher string which bip is allowed/expected to use, so particular ciphers and cab forced/excluded.