diff options
| author | 2024-02-19 18:46:05 +0000 | |
|---|---|---|
| committer | 2024-02-19 18:46:05 +0000 | |
| commit | ebd03383f856bfaa72b1700a96561396e6f8f6cc (patch) | |
| tree | 47651f7a9c8567ae020c6b8750db58a7d3c2da2b /docs | |
| parent | Fix more issues with the v3 compat layer. (diff) | |
Allow using multiple SSL fingerprint algorithms.
Closes #1804.
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/conf/modules.conf.example | 9 |
1 files changed, 3 insertions, 6 deletions
diff --git a/docs/conf/modules.conf.example b/docs/conf/modules.conf.example index 6e7dafd76..7c19f620d 100644 --- a/docs/conf/modules.conf.example +++ b/docs/conf/modules.conf.example @@ -2464,7 +2464,9 @@ # gateway users (requires the gateway module). This # # should be the same algorithm you specified in the # # <sslprofile:hash> field of the TLS profile used for # -# user connections. # +# user connections. You can prefix the algorithm name # +# with spki- to use a Subject Public Key Info (SPKI) # +# fingerprint instead of a certificate fingerprint. # # # # localsecure - Whether to treat locally-connected plaintext users # # as if they are connected with TLS. Defaults to yes. # @@ -2472,10 +2474,6 @@ # operonly - Whether TLS client certificate info is only visible # # by server operators. Defaults to no. # # # -# spkifp - Whether to use a Subject Public Key Info (SPKI) # -# fingerprint instead of a certificate fingerprint # -# for user TLS client fingerprints. Defaults to no. # -# # # warnexpiring - If specified then the maximum period of validity # # that can be left on a user's TLS client certificate # # before users are warned about the imminent expiry. # @@ -2489,7 +2487,6 @@ #<sslinfo hash="sha-256" # localsecure="yes" # operonly="no" -# spkifp="no" # warnexpiring="1w" # welcomemsg="no"> |
