| author | Alexander Barton <alex@barton.de> | 2013-09-15 15:09:36 +0200 |
|---|---|---|
| committer | Alexander Barton <alex@barton.de> | 2013-09-15 15:09:36 +0200 |
| commit | 84ed46d4c1caaa4ec79a6223c35785afcf1c9d53 (patch) | |
| tree | a6b11f96be8dfd6e0fd7a02b648bd1929f3ec3b5 /doc | |
| parent | 849f85a05c17828c592bed26bd99707f211fad1c (diff) | |
| download | ngircd-84ed46d4c1caaa4ec79a6223c35785afcf1c9d53.tar.gz ngircd-84ed46d4c1caaa4ec79a6223c35785afcf1c9d53.zip | |
Cipher list selection for OpenSSL
This patch introduces the possibility to arbitrarily select ciphers which should be promoted resp. declined when establishing an SSL connection with a client by implementing the new configuration option "CipherList".

By default, OpenSSL would accept low and medium strength and RC-4 ciphers, which nowadays are known to be broken.

This patch only implements the feature for OpenSSL. A GnuTLS counterpart has to be implemented in another patch ...

Original patch by Bastian <bastian-ngircd@t6l.de>.

Closes bug #162.
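Before deploying a cipher string such as the one in this commit's sample configuration, an operator can check what it expands to. The following is an added example, not part of the commit or of ngIRCd; it uses Python's `ssl` module as a front end to the locally linked OpenSSL, and the function names, the marker list and the 112-bit threshold are assumptions made for illustration.

```python
import ssl

# Assumed markers: substrings of OpenSSL suite names for RC4, NULL-encryption,
# export-grade and anonymous (unauthenticated) key exchange suites.
WEAK_MARKERS = ("RC4", "NULL", "EXP", "ADH", "AECDH")


def expand_cipher_list(cipher_list):
    """Return the suites the local TLS library enables for an OpenSSL cipher string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_list)  # raises ssl.SSLError if no cipher can be selected
    # With OpenSSL 1.1.1 and later, TLS 1.3 suites are configured separately
    # and are listed here regardless of the cipher string.
    return ctx.get_ciphers()


def audit_cipher_list(cipher_list, min_bits=112):
    """Return (suite name, reason) pairs for enabled suites that look weak."""
    findings = []
    for suite in expand_cipher_list(cipher_list):
        name = suite["name"]
        bits = suite.get("strength_bits")  # key may be absent on old libraries
        if suite.get("auth") == "auth-null":
            findings.append((name, "no authentication"))
        elif any(marker in name for marker in WEAK_MARKERS):
            findings.append((name, "weak or unauthenticated suite"))
        elif bits is not None and bits < min_bits:
            findings.append((name, "only %d-bit strength" % bits))
    return findings


if __name__ == "__main__":
    sample = "HIGH:!aNULL:@STRENGTH"  # value from the sample config in this commit
    for suite in expand_cipher_list(sample):
        print(suite["protocol"], suite["name"], suite.get("strength_bits"))
    print("findings:", audit_cipher_list(sample))
```

The exact suite list depends on the OpenSSL version and build options of the host, so the check is best run on the machine that will run the server.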
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/sample-ngircd.conf.tmpl | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/doc/sample-ngircd.conf.tmpl b/doc/sample-ngircd.conf.tmpl index ae1b2139..a4dbf869 100644 --- a/doc/sample-ngircd.conf.tmpl +++ b/doc/sample-ngircd.conf.tmpl @@ -248,6 +248,13 @@ # SSL Server Key Certificate ;CertFile = :ETCDIR:/ssl/server-cert.pem + # Select cipher suites allowed for SSL/TLS connections (OpenSSL only). + # This defaults to the empty string, so all supported ciphers are + # allowed. Please see 'man 1ssl ciphers' for details. + # The example below only allows "high strength" cipher suites, disables + # the ones without authentication, and sorts by strength: + ;CipherList = HIGH:!aNULL:@STRENGTH + # Diffie-Hellman parameters ;DHFile = :ETCDIR:/ssl/dhparams.pem |
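Review bot: The comment added above `;CipherList` says the empty default means "all supported ciphers are allowed" but does not tell the administrator that this keeps the low and medium strength and RC-4 suites the commit message describes as broken, and the hardened value ships commented out. Suggest adding a sentence to the comment that recommends setting CipherList, or shipping the `CipherList = HIGH:!aNULL:@STRENGTH` line uncommented in the sample. Separately, `man 1ssl ciphers` names a manual section that not every system uses; referring to the OpenSSL `ciphers` manual page without the section suffix would be more portable.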