From 100de3e4ccaab10524821d4262f6a8c3342224f8 Mon Sep 17 00:00:00 2001
From: Alexander Barton <alex@barton.de>
Date: Thu, 16 Oct 2014 13:42:24 +0200
Subject: Update "CipherList" to not enable SSLv3 by default

Idea, initial patch, and testing by Christoph Biedl
<ngircd.anoy@manchmal.in-ulm.de>
---
 doc/sample-ngircd.conf.tmpl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'doc')

diff --git a/doc/sample-ngircd.conf.tmpl b/doc/sample-ngircd.conf.tmpl
index 1d07822c..b5db1d9e 100644
--- a/doc/sample-ngircd.conf.tmpl
+++ b/doc/sample-ngircd.conf.tmpl
@@ -259,9 +259,9 @@
 	# See 'man 1ssl ciphers' (OpenSSL) or 'man 3 gnutls_priority_init'
 	# (GnuTLS) for details.
 	# For OpenSSL:
-	;CipherList = HIGH:!aNULL:@STRENGTH
+	;CipherList = HIGH:!aNULL:@STRENGTH:!SSLv3
 	# For GnuTLS:
-	;CipherList = SECURE128
+	;CipherList = SECURE128:-VERS-SSL3.0
 
 	# Diffie-Hellman parameters
 	;DHFile = :ETCDIR:/ssl/dhparams.pem
-- 
cgit 1.4.1