X-Git-Url: https://arthur.barton.de/cgi-bin/gitweb.cgi?a=blobdiff_plain;f=doc%2FSSL.txt;h=394894a2a103e8d6ccaa74258d40c35b3890e518;hb=6cb90f399d21f0bdbf3744423c923402f3419b99;hp=6b590b8681ee872633597f7dfc1928f3bf83a8f3;hpb=e070d93f649f76a57ce4c01782887e375f3cfba3;p=ngircd-alex.git diff --git a/doc/SSL.txt b/doc/SSL.txt index 6b590b86..394894a2 100644 --- a/doc/SSL.txt +++ b/doc/SSL.txt @@ -20,8 +20,11 @@ options of the ./configure script to enable it: --with-openssl enable SSL support using OpenSSL --with-gnutls enable SSL support using GnuTLS -You need a SSL certificate, see below for how to create a self-signed one. +You also need a key/certificate, see below for how to create a self-signed one. +From a feature point of view, ngIRCds support for both libraries is +comparable. The only major difference (at this time) is that ngircd with gnutls +does not support password protected private keys. Configuration ~~~~~~~~~~~~~ @@ -46,8 +49,7 @@ Creating a self-signed certificate OpenSSL: Creating a self-signed certificate and key: - $ openssl req -newkey rsa:2048 -x509 -keyout server-key.pem \ - -out server-cert.pem -days 1461 + $ openssl req -newkey rsa:2048 -x509 -keyout server-key.pem -out server-cert.pem -days 1461 Create DH parameters (optional): $ openssl dhparam -2 -out dhparams.pem 2048 @@ -55,8 +57,7 @@ GnuTLS: Creating a self-signed certificate and key: $ certtool --generate-privkey --bits 2048 --outfile server-key.pem - $ certtool --generate-self-signed --load-privkey server-key.pem \ - --outfile server-cert.pem + $ certtool --generate-self-signed --load-privkey server-key.pem --outfile server-cert.pem Create DH parameters (optional): $ certtool --generate-dh-params --bits 2048 --outfile dhparams.pem 
@@ -64,7 +65,7 @@ Create DH parameters (optional): Alternate approach using stunnel(1) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Alternatively (or if you are using ngIRCd without compiled without support +Alternatively (or if you are using ngIRCd compiled without support for GnuTLS/OpenSSL), you can use external programs/tools like stunnel(1) to get SSL encrypted connections: @@ -101,4 +102,7 @@ short "how-to", thanks Stefan! That's it. Don't forget to activate ssl support in your irc client ;) + The main drawback of this approach compared to using builtin ssl + is that from ngIRCds point of view, all ssl-enabled client connections will + originate from the host running stunnel. === snip ===
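Review bot: The paragraph added after the ./configure options (hunk -20,8 +20,11) states the GnuTLS limitation without its practical consequence. A private key that cannot be password protected has to be stored unencrypted, so the text should tell the reader to restrict read access on the key file to the user ngIRCd runs as. The wording also needs a pass: "ngIRCds support" should be "ngIRCd's support", and "ngircd with gnutls" should use the same capitalisation as the "ngIRCd" and "GnuTLS" used elsewhere in the file.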
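Review bot: The OpenSSL example in hunk -46,8 +49,7 has no -nodes option, so "openssl req" will prompt for a passphrase and write an encrypted server-key.pem. Now that the introduction mentions password protected keys, this section should say how ngIRCd is given that passphrase, or show the unencrypted variant next to it. Separately, joining the command onto one line (here and for the "certtool --generate-self-signed" line in the next hunk) makes it much wider than the surrounding text; the backslash continuation was already safe to copy and paste, so I would keep it unless there is a reason for the change.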
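Review bot: The drawback paragraph added in hunk -101,4 +102,7 sits before the closing "=== snip ===" marker, so it reads as part of the contributed how-to rather than as a remark by the documentation authors; I would move it below the marker. It would also help to name what follows from "all ssl-enabled client connections will originate from the host running stunnel": anything ngIRCd decides or logs per client host then applies to the stunnel host rather than to the real client. Minor: "ngIRCds point of view" should be "ngIRCd's point of view", and "ssl" should be written "SSL" as in the rest of the file.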