diff options
| author | Alexander Barton <alex@barton.de> | 2013-09-15 17:57:41 +0200 |
|---|---|---|
| committer | Alexander Barton <alex@barton.de> | 2013-09-15 17:57:47 +0200 |
| commit | b9006acee3649600226652a8361f13c859726cf2 (patch) | |
| tree | 3a749e1e34b3384410785be9a8526d8474827e5c /doc | |
| parent | 51231ac8d45bf329f4724a145e6bc7a3ea118570 (diff) | |
| download | ngircd-b9006acee3649600226652a8361f13c859726cf2.tar.gz ngircd-b9006acee3649600226652a8361f13c859726cf2.zip | |
Cipher list selection for GnuTLS
This patch implements the missing functionality for cipher list selection using GnuTLS (our OpenSSL code has this already).
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/sample-ngircd.conf.tmpl | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/doc/sample-ngircd.conf.tmpl b/doc/sample-ngircd.conf.tmpl index a4dbf869..1bdf01ee 100644 --- a/doc/sample-ngircd.conf.tmpl +++ b/doc/sample-ngircd.conf.tmpl @@ -248,12 +248,16 @@ # SSL Server Key Certificate ;CertFile = :ETCDIR:/ssl/server-cert.pem - # Select cipher suites allowed for SSL/TLS connections (OpenSSL only). - # This defaults to the empty string, so all supported ciphers are - # allowed. Please see 'man 1ssl ciphers' for details. - # The example below only allows "high strength" cipher suites, disables - # the ones without authentication, and sorts by strength: + # Select cipher suites allowed for SSL/TLS connections. This defaults + # to the empty string, so all supported ciphers are allowed. Please + # see 'man 1ssl ciphers' (OpenSSL) and 'man 3 gnutls_priority_init' + # (GnuTLS) for details. + # For example, this setting allows only "high strength" cipher suites, + # disables the ones without authentication, and sorts by strength: + # For OpenSSL: ;CipherList = HIGH:!aNULL:@STRENGTH + # For GnuTLS: + ;CipherList = SECURE128 # Diffie-Hellman parameters ;DHFile = :ETCDIR:/ssl/dhparams.pem |