Cipher list selection for GnuTLS

[ngircd-alex.git] / doc / sample-ngircd.conf.tmpl

diff --git a/doc/sample-ngircd.conf.tmpl b/doc/sample-ngircd.conf.tmpl
index 822fd5d4fb9dd5b99f2694b5be98ce88075c68c5..1bdf01ee4f2b7309ec864ea75a389694b368e352 100644 (file)
--- a/doc/sample-ngircd.conf.tmpl
+++ b/doc/sample-ngircd.conf.tmpl
@@ -128,6 +128,12 @@
        # behavior of ngIRCd. If you want to get started quickly, you most
        # probably don't have to make changes here -- they are all optional.
 
+       # List of allowed channel types (channel prefixes) for newly created
+       # channels on the local server. By default, all supported channel
+       # types are allowed. Set this variable to the empty string to disallow
+       # creation of new channels by local clients at all.
+       ;AllowedChannelTypes = #&+
+
        # Are remote IRC operators allowed to control this server, e.g.
        # use commands like CONNECT, SQUIT, DIE, ...?
        ;AllowRemoteOper = no
@@ -159,7 +165,12 @@
        ;ConnectIPv6 = yes
        ;ConnectIPv4 = yes
 
-       # Do any DNS lookups when a client connects to the server.
+       # Default user mode(s) to set on new local clients. Please note that
+       # only modes can be set that the client could set on itself, you can't
+       # set "a" (away) or "o" (IRC Op), for example! Default: none.
+       ;DefaultUserModes = i
+
+       # Do DNS lookups when a client connects to the server.
        ;DNS = yes
 
        # Do IDENT lookups if ngIRCd has been compiled with support for it.
@@ -167,6 +178,10 @@
        # prepended to their user name.
        ;Ident = yes
 
+       # Directory containing configuration snippets (*.conf), that should
+       # be read in after parsing this configuration file.
+       ;IncludeDir = :ETCDIR:/conf.d
+
        # Enhance user privacy slightly (useful for IRC server on TOR or I2P)
        # by censoring some information like idle time, logon time, etc.
        ;MorePrivacy = no
@@ -205,9 +220,6 @@
        # character prepended to their respective user names!
        ;PAMIsOptional = no
 
-       # Allow Pre-Defined Channels only (see Section [Channels])
-       ;PredefChannelsOnly = no
-
        # Let ngIRCd send an "authentication PING" when a new client connects,
        # and register this client only after receiving the corresponding
        # "PONG" reply.
@@ -236,6 +248,17 @@
        # SSL Server Key Certificate
        ;CertFile = :ETCDIR:/ssl/server-cert.pem
 
+       # Select cipher suites allowed for SSL/TLS connections. This defaults
+       # to the empty string, so all supported ciphers are allowed. Please
+       # see 'man 1ssl ciphers' (OpenSSL) and 'man 3 gnutls_priority_init'
+       # (GnuTLS) for details.
+       # For example, this setting allows only "high strength" cipher suites,
+       # disables the ones without authentication, and sorts by strength:
+       # For OpenSSL:
+       ;CipherList = HIGH:!aNULL:@STRENGTH
+       # For GnuTLS:
+       ;CipherList = SECURE128
+
        # Diffie-Hellman parameters
        ;DHFile = :ETCDIR:/ssl/dhparams.pem