S2S-TLS: Convert SSL.txt to Markdown and update information given

No longer describe creating self-signed certificates or using "stunnel",
as both is not recommended.

1 files changed, 0 insertions, 108 deletions

diff --git a/doc/SSL.txt b/doc/SSL.txt
deleted file mode 100644
index 28ea2cd9..00000000
--- a/doc/SSL.txt
+++ /dev/null
@@ -1,108 +0,0 @@
-
-                     ngIRCd - Next Generation IRC Server
-
-                        (c)2001-2008 Alexander Barton,
-                    alex@barton.de, http://www.barton.de/
-
-               ngIRCd is free software and published under the
-                   terms of the GNU General Public License.
-
-                                 -- SSL.txt --
-
-
-ngIRCd supports SSL/TLSv1 encrypted connections using the OpenSSL or GnuTLS
-libraries. Both encrypted server-server links as well as client-server links
-are supported.
-
-SSL is a compile-time option which is disabled by default. Use one of these
-options of the ./configure script to enable it:
-
-  --with-openssl     enable SSL support using OpenSSL
-  --with-gnutls      enable SSL support using GnuTLS
-
-You also need a key/certificate, see below for how to create a self-signed one.
-
-From a feature point of view, ngIRCds support for both libraries is
-comparable. The only major difference (at this time) is that ngircd with gnutls
-does not support password protected private keys.
-
-Configuration
-~~~~~~~~~~~~~
-
-To enable SSL connections a separate port must be configured: it is NOT
-possible to handle unencrypted and encrypted connections on the same port!
-This is a limitation of the IRC protocol ...
-
-You have to set (at least) the following configuration variables in the
-[SSL] section of ngircd.conf(5): Ports, KeyFile, and CertFile.
-
-Now IRC clients are able to connect using SSL on the configured port(s).
-(Using port 6697 for encrypted connections is common.)
-
-To enable encrypted server-server links, you have to additionally set
-SSLConnect to "yes" in the corresponding [SERVER] section.
-
-
-Creating a self-signed certificate
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-OpenSSL:
-
-Creating a self-signed certificate and key:
- $ openssl req -newkey rsa:2048 -x509 -keyout server-key.pem -out server-cert.pem -days 1461
-Create DH parameters (optional):
- $ openssl dhparam -2 -out dhparams.pem 4096
-
-GnuTLS:
-
-Creating a self-signed certificate and key:
- $ certtool --generate-privkey --bits 2048 --outfile server-key.pem
- $ certtool --generate-self-signed --load-privkey server-key.pem --outfile server-cert.pem
-Create DH parameters (optional):
- $ certtool  --generate-dh-params --bits 4096 --outfile dhparams.pem
-
-
-Alternate approach using stunnel(1)
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Alternatively (or if you are using ngIRCd compiled without support
-for GnuTLS/OpenSSL), you can use external programs/tools like stunnel(1) to
-get SSL encrypted connections:
-
-  <http://stunnel.mirt.net/>
-  <http://www.stunnel.org/>
-
-Stefan Sperling (stefan at binarchy dot net) mailed the following text as a
-short "how-to", thanks Stefan!
-
-=== snip ===
-    ! This guide applies to stunnel 4.x !
-
-    Put this in your stunnel.conf:
-
-        [ircs]
-        accept = 6667
-        connect = 6668
-
-    This makes stunnel listen for incoming connections
-    on port 6667 and forward decrypted data to port 6668.
-    We call the connection 'ircs'. Stunnel will use this
-    name when logging connection attempts via syslog.
-    You can also use the name in /etc/hosts.{allow,deny}
-    if you run tcp-wrappers.
-
-    To make sure ngircd is listening on the port where
-    the decrypted data arrives, set
-
-        Ports = 6668
-
-    in your ngircd.conf.
-
-    Start stunnel and restart ngircd.
-
-    That's it.
-    Don't forget to activate ssl support in your irc client ;)
-    The main drawback of this approach compared to using builtin ssl
-    is that from ngIRCds point of view, all ssl-enabled client connections will
-    originate from the host running stunnel.
-=== snip ===