From b9006acee3649600226652a8361f13c859726cf2 Mon Sep 17 00:00:00 2001
From: Alexander Barton <alex@barton.de>
Date: Sun, 15 Sep 2013 17:57:41 +0200
Subject: Cipher list selection for GnuTLS

This patch implements the missing functionality for cipher list selection
using GnuTLS (our OpenSSL code has this already).
---
 doc/sample-ngircd.conf.tmpl | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

(limited to 'doc')

diff --git a/doc/sample-ngircd.conf.tmpl b/doc/sample-ngircd.conf.tmpl
index a4dbf869..1bdf01ee 100644
--- a/doc/sample-ngircd.conf.tmpl
+++ b/doc/sample-ngircd.conf.tmpl
@@ -248,12 +248,16 @@
 	# SSL Server Key Certificate
 	;CertFile = :ETCDIR:/ssl/server-cert.pem
 
-	# Select cipher suites allowed for SSL/TLS connections (OpenSSL only).
-	# This defaults to the empty string, so all supported ciphers are
-	# allowed. Please see 'man 1ssl ciphers' for details.
-	# The example below only allows "high strength" cipher suites, disables
-	# the ones without authentication, and sorts by strength:
+	# Select cipher suites allowed for SSL/TLS connections. This defaults
+	# to the empty string, so all supported ciphers are allowed. Please
+	# see 'man 1ssl ciphers' (OpenSSL) and 'man 3 gnutls_priority_init'
+	# (GnuTLS) for details.
+	# For example, this setting allows only "high strength" cipher suites,
+	# disables the ones without authentication, and sorts by strength:
+	# For OpenSSL:
 	;CipherList = HIGH:!aNULL:@STRENGTH
+	# For GnuTLS:
+	;CipherList = SECURE128
 
 	# Diffie-Hellman parameters
 	;DHFile = :ETCDIR:/ssl/dhparams.pem
-- 
cgit 1.4.1