From 0985d69cc6c1daa7cdc8f15f93772b12ab3e8271 Mon Sep 17 00:00:00 2001
From: "Federico G. Schwindt" <fgsch@lodoss.net>
Date: Tue, 17 Sep 2013 16:16:51 +0100
Subject: Change cipher defaults

Switch cipher defaults to HIGH:!aNULL:@STRENGTH (OpenSSL) or
SECURE128 (GnuTLS).
---
 doc/sample-ngircd.conf.tmpl | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

(limited to 'doc')

diff --git a/doc/sample-ngircd.conf.tmpl b/doc/sample-ngircd.conf.tmpl
index 1bdf01ee..65da3601 100644
--- a/doc/sample-ngircd.conf.tmpl
+++ b/doc/sample-ngircd.conf.tmpl
@@ -249,11 +249,9 @@
 	;CertFile = :ETCDIR:/ssl/server-cert.pem
 
 	# Select cipher suites allowed for SSL/TLS connections. This defaults
-	# to the empty string, so all supported ciphers are allowed. Please
-	# see 'man 1ssl ciphers' (OpenSSL) and 'man 3 gnutls_priority_init'
+	# to HIGH:!aNULL:@STRENGTH (OpenSSL) or SECURE128 (GnuTLS).
+	# See 'man 1ssl ciphers' (OpenSSL) or 'man 3 gnutls_priority_init'
 	# (GnuTLS) for details.
-	# For example, this setting allows only "high strength" cipher suites,
-	# disables the ones without authentication, and sorts by strength:
 	# For OpenSSL:
 	;CipherList = HIGH:!aNULL:@STRENGTH
 	# For GnuTLS:
-- 
cgit 1.4.1