From 0985d69cc6c1daa7cdc8f15f93772b12ab3e8271 Mon Sep 17 00:00:00 2001
From: "Federico G. Schwindt" <fgsch@lodoss.net>
Date: Tue, 17 Sep 2013 16:16:51 +0100
Subject: Change cipher defaults

Switch cipher defaults to HIGH:!aNULL:@STRENGTH (OpenSSL) or
SECURE128 (GnuTLS).
---
 man/ngircd.conf.5.tmpl | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

(limited to 'man')

diff --git a/man/ngircd.conf.5.tmpl b/man/ngircd.conf.5.tmpl
index 862c1424..b69649ea 100644
--- a/man/ngircd.conf.5.tmpl
+++ b/man/ngircd.conf.5.tmpl
@@ -367,13 +367,10 @@ when it is compiled with support for SSL using OpenSSL or GnuTLS!
 SSL Certificate file of the private server key.
 .TP
 \fBCipherList\fR (string)
-Select cipher suites allowed for SSL/TLS connections. This defaults to the
-empty string, so all supported ciphers are allowed.
+Select cipher suites allowed for SSL/TLS connections.  This defaults to
+"HIGH:!aNULL:@STRENGTH" (OpenSSL) or "SECURE128" (GnuTLS).
 Please see 'man 1ssl ciphers' (OpenSSL) and 'man 3 gnutls_priority_init'
 (GnuTLS) for details.
-For example, this setting allows only "high strength" cipher suites, disables
-the ones without authentication, and sorts by strength:
-"HIGH:!aNULL:@STRENGTH" (OpenSSL), "SECURE128" (GnuTLS).
 .TP
 \fBDHFile\fR (string)
 Name of the Diffie-Hellman Parameter file. Can be created with GnuTLS
-- 
cgit 1.4.1