Cipher list selection for GnuTLS

[ngircd-alex.git] / doc / sample-ngircd.conf.tmpl

diff --git a/doc/sample-ngircd.conf.tmpl b/doc/sample-ngircd.conf.tmpl
index a4dbf8695987fc2cf117f4d05f1adae33b19654f..1bdf01ee4f2b7309ec864ea75a389694b368e352 100644 (file)
--- a/doc/sample-ngircd.conf.tmpl
+++ b/doc/sample-ngircd.conf.tmpl
@@ -248,12 +248,16 @@
        # SSL Server Key Certificate
        ;CertFile = :ETCDIR:/ssl/server-cert.pem
 
-       # Select cipher suites allowed for SSL/TLS connections (OpenSSL only).
-       # This defaults to the empty string, so all supported ciphers are
-       # allowed. Please see 'man 1ssl ciphers' for details.
-       # The example below only allows "high strength" cipher suites, disables
-       # the ones without authentication, and sorts by strength:
+       # Select cipher suites allowed for SSL/TLS connections. This defaults
+       # to the empty string, so all supported ciphers are allowed. Please
+       # see 'man 1ssl ciphers' (OpenSSL) and 'man 3 gnutls_priority_init'
+       # (GnuTLS) for details.
+       # For example, this setting allows only "high strength" cipher suites,
+       # disables the ones without authentication, and sorts by strength:
+       # For OpenSSL:
        ;CipherList = HIGH:!aNULL:@STRENGTH
+       # For GnuTLS:
+       ;CipherList = SECURE128
 
        # Diffie-Hellman parameters
        ;DHFile = :ETCDIR:/ssl/dhparams.pem