Cipher list selection for GnuTLS

[ngircd-alex.git] / doc / sample-ngircd.conf.tmpl

diff --git a/doc/sample-ngircd.conf.tmpl b/doc/sample-ngircd.conf.tmpl
index 99960e95f0d16a40b827ed67fd08fe60b39741bf..1bdf01ee4f2b7309ec864ea75a389694b368e352 100644 (file)
--- a/doc/sample-ngircd.conf.tmpl
+++ b/doc/sample-ngircd.conf.tmpl
@@ -165,7 +165,12 @@
        ;ConnectIPv6 = yes
        ;ConnectIPv4 = yes
 
-       # Do any DNS lookups when a client connects to the server.
+       # Default user mode(s) to set on new local clients. Please note that
+       # only modes can be set that the client could set on itself, you can't
+       # set "a" (away) or "o" (IRC Op), for example! Default: none.
+       ;DefaultUserModes = i
+
+       # Do DNS lookups when a client connects to the server.
        ;DNS = yes
 
        # Do IDENT lookups if ngIRCd has been compiled with support for it.
@@ -243,6 +248,17 @@
        # SSL Server Key Certificate
        ;CertFile = :ETCDIR:/ssl/server-cert.pem
 
+       # Select cipher suites allowed for SSL/TLS connections. This defaults
+       # to the empty string, so all supported ciphers are allowed. Please
+       # see 'man 1ssl ciphers' (OpenSSL) and 'man 3 gnutls_priority_init'
+       # (GnuTLS) for details.
+       # For example, this setting allows only "high strength" cipher suites,
+       # disables the ones without authentication, and sorts by strength:
+       # For OpenSSL:
+       ;CipherList = HIGH:!aNULL:@STRENGTH
+       # For GnuTLS:
+       ;CipherList = SECURE128
+
        # Diffie-Hellman parameters
        ;DHFile = :ETCDIR:/ssl/dhparams.pem