| author | Alexander Barton <alex@barton.de> | 2013-09-15 15:09:36 +0200 |
|---|---|---|
| committer | Alexander Barton <alex@barton.de> | 2013-09-15 15:09:36 +0200 |
| commit | 84ed46d4c1caaa4ec79a6223c35785afcf1c9d53 (patch) | |
| tree | a6b11f96be8dfd6e0fd7a02b648bd1929f3ec3b5 /man/ngircd.conf.5.tmpl | |
| parent | 849f85a05c17828c592bed26bd99707f211fad1c (diff) | |
Cipher list selection for OpenSSL
This patch introduces the possibility to arbitrarily select ciphers which should be promoted resp. declined when establishing an SSL connection with a client by implementing the new configuration option "CipherList".

By default, OpenSSL would accept low and medium strength and RC-4 ciphers, which nowadays are known to be broken.

This patch only implements the feature for OpenSSL. A GnuTLS counterpart has to be implemented in another patch ...

Original patch by Bastian <bastian-ngircd@t6l.de>.

Closes bug #162.
Diffstat (limited to 'man/ngircd.conf.5.tmpl')
| -rw-r--r-- | man/ngircd.conf.5.tmpl | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/man/ngircd.conf.5.tmpl b/man/ngircd.conf.5.tmpl index cf926f9a..263dec04 100644 --- a/man/ngircd.conf.5.tmpl +++ b/man/ngircd.conf.5.tmpl @@ -366,6 +366,13 @@ when it is compiled with support for SSL using OpenSSL or GnuTLS! \fBCertFile\fR (string) SSL Certificate file of the private server key. .TP +\fBCipherList\fR (string) +OpenSSL only: Select cipher suites allowed for SSL/TLS connections. This +defaults to the empty string, so all supported ciphers are allowed. Please see +'man 1ssl ciphers' for details. This setting allows only "high strength" cipher +suites, disables the ones without authentication, and sorts by strength, for +example: "HIGH:!aNULL:@STRENGTH". +.TP \fBDHFile\fR (string) Name of the Diffie-Hellman Parameter file. Can be created with GnuTLS "certtool \-\-generate-dh-params" or "openssl dhparam". If this file is not |
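Review bot: the added line that starts with 'man 1ssl ciphers' begins with an apostrophe, which roff treats as a control character, so that whole line (including the start of the sentence that explains the example) is parsed as a request and dropped from the rendered man page. Reflow the paragraph so the quote does not land at the start of a line, or prefix the line with \&. While touching it, the "1ssl" section suffix is distribution-specific, so a plain reference to ciphers(1) would be more portable. The sentence "This setting allows only ... for example:" reads as if CipherList itself always restricts to high-strength suites; put the example value first and then describe what it does. Since the documented default is the empty string with all supported ciphers allowed, and the commit message says that includes low and medium strength and RC-4 suites, the man page should say so explicitly and recommend setting a value such as the one shown, so administrators do not assume the default is safe.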