diff options
| author | 2023-06-25 00:27:27 +0100 | |
|---|---|---|
| committer | 2023-06-25 00:28:43 +0100 | |
| commit | ff15c2c016c796b2001ddd6940f89ef3cf50dfa1 (patch) | |
| tree | 61dba187773e840d7a5af6a3fa3cf3823bd9fc02 /docs | |
| parent | Make Numerics::CannotSendTo properly aware of extbans. (diff) | |
Document the sslinfo config better.
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/conf/modules.conf.example | 37 |
1 files changed, 27 insertions, 10 deletions
diff --git a/docs/conf/modules.conf.example b/docs/conf/modules.conf.example index d6812616c..c631be942 100644 --- a/docs/conf/modules.conf.example +++ b/docs/conf/modules.conf.example @@ -2421,17 +2421,34 @@ # #<module name="sslinfo"> # -# If you want to prevent users from viewing TLS certificate information -# and fingerprints of other users, set operonly to yes. You can also set hash -# to an IANA Hash Function Textual Name to use the SSL fingerprint sent by a -# WebIRC gateway (requires the cgiirc module), localsecure to allow locally -# connected connections where TLS is not necessary to be considered secure, -# spkifp to use a SPKI key fingerprint instead of a client certificate -# fingerprint and warnexpiring to warn users when their client certificate is -# about to expire. -#<sslinfo operonly="no" -# hash="sha-256" +#-#-#-#-#-#-#-#-#-#-#-#- SSLINFO CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-# +# # +# hash - The IANA Hash Function Name of the hash algorithm # +# used for the TLS client fingerprint of WebIRC # +# gateway users (requires the gateway module). This # +# should be the same algorithm you specified in the # +# <sslprofile:hash> field of the TLS profile used for # +# user connections. # +# # +# localsecure - Whether to treat locally-connected plaintext users # +# as if they are connected with TLS. Defaults to yes. # +# # +# operonly - Whether TLS client certificate info is only visible # +# by server operators. Defaults to no. # +# # +# spkifp - Whether to use a Subject Public Key Info (SPKI) # +# fingerprint instead of a certificate fingerprint # +# for user TLS client fingerprints. Defaults to no. # +# # +# warnexpiring - If specified then the maximum period of validity # +# that can be left on a user's TLS client certificate # +# before users are warned about the imminent expiry. # +# # +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# +#<sslinfo hash="sha-256" # localsecure="yes" +# operonly="no" # spkifp="no" # warnexpiring="1w"> |
