mirrors/ngircd
1
0
Fork 0
mirror of https://github.com/osmarks/ngircd.git synced 2025-09-08 21:45:58 +00:00
Code Issues Releases Wiki Activity

Change cipher defaults

Browse Source 
Switch cipher defaults to HIGH:!aNULL:@STRENGTH (OpenSSL) or
SECURE128 (GnuTLS).
This commit is contained in:
Federico G. Schwindt
2013-09-17 16:16:51 +01:00
parent d0977258ee
commit 0985d69cc6
5 changed files with 34 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
man/ngircd.conf.5.tmpl
View File

@@ -367,13 +367,10 @@ when it is compiled with support for SSL using OpenSSL or GnuTLS!
SSL Certificate file of the private server key.
.TP
\fBCipherList\fR (string)
Select cipher suites allowed for SSL/TLS connections. This defaults to the
empty string, so all supported ciphers are allowed.
Select cipher suites allowed for SSL/TLS connections. This defaults to
"HIGH:!aNULL:@STRENGTH" (OpenSSL) or "SECURE128" (GnuTLS).
Please see 'man 1ssl ciphers' (OpenSSL) and 'man 3 gnutls_priority_init'
(GnuTLS) for details.
For example, this setting allows only "high strength" cipher suites, disables
the ones without authentication, and sorts by strength:
"HIGH:!aNULL:@STRENGTH" (OpenSSL), "SECURE128" (GnuTLS).
.TP
\fBDHFile\fR (string)
Name of the Diffie-Hellman Parameter file. Can be created with GnuTLS