.\"
.\" ngircd.conf(5) manual page template
.\"
-.TH ngircd.conf 5 "Jan 2014" ngIRCd "ngIRCd Manual"
+.TH ngircd.conf 5 "Oct 2014" ngIRCd "ngIRCd Manual"
.SH NAME
ngircd.conf \- configuration file of ngIRCd
.SH SYNOPSIS
.TP
\fBDefaultUserModes\fR (string)
Default user mode(s) to set on new local clients. Please note that only modes
-can be set that the client could set on itself, you can't set "a" (away) or
-"o" (IRC Op), for example!
+can be set that the client could set using regular MODE commands, you can't
+set "a" (away) for example!
Default: none.
.TP
\fBDNS\fR (boolean)
section. Please note that this whole section is only recognized by ngIRCd
when it is compiled with support for SSL using OpenSSL or GnuTLS!
.TP
+\fBCAFile (string)\fR
+Filename pointing to the Trusted CA Certificates. This is required for
+verifying peer certificates and must be set if <RequireClientCert> is set.
+.TP
+\fBCRLFile (string)\fR
+Filename of Certificate Revocation List.
+.TP
\fBCertFile\fR (string)
SSL Certificate file of the private server key.
.TP
\fBCipherList\fR (string)
Select cipher suites allowed for SSL/TLS connections. This defaults to
-"HIGH:!aNULL:@STRENGTH" (OpenSSL) or "SECURE128" (GnuTLS).
+"HIGH:!aNULL:@STRENGTH:!SSLv3" (OpenSSL) or "SECURE128:-VERS-SSL3.0" (GnuTLS).
Please see 'man 1ssl ciphers' (OpenSSL) and 'man 3 gnutls_priority_init'
(GnuTLS) for details.
.TP
Same as \fBPorts\fR , except that ngIRCd will expect incoming connections
to be SSL/TLS encrypted. Common port numbers for SSL-encrypted IRC are 6669
and 6697. Default: none.
+.TP
+\fBRequireClientCert (boolean)\fR
+Do not accept SSL connections from clients that do not have a valid certificate. Defaults to false.
+Also see \fBSSLVerify\fR below.
.SH [OPERATOR]
.I [Operator]
sections are used to define IRC Operators. There may be more than one