aboutsummaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorGravatar Sadie Powell2023-06-25 00:27:27 +0100
committerGravatar Sadie Powell2023-06-25 00:28:43 +0100
commitff15c2c016c796b2001ddd6940f89ef3cf50dfa1 (patch)
tree61dba187773e840d7a5af6a3fa3cf3823bd9fc02 /docs
parentMake Numerics::CannotSendTo properly aware of extbans. (diff)
Document the sslinfo config better.
Diffstat (limited to 'docs')
-rw-r--r--docs/conf/modules.conf.example37
1 files changed, 27 insertions, 10 deletions
diff --git a/docs/conf/modules.conf.example b/docs/conf/modules.conf.example
index d6812616c..c631be942 100644
--- a/docs/conf/modules.conf.example
+++ b/docs/conf/modules.conf.example
@@ -2421,17 +2421,34 @@
#
#<module name="sslinfo">
#
-# If you want to prevent users from viewing TLS certificate information
-# and fingerprints of other users, set operonly to yes. You can also set hash
-# to an IANA Hash Function Textual Name to use the SSL fingerprint sent by a
-# WebIRC gateway (requires the cgiirc module), localsecure to allow locally
-# connected connections where TLS is not necessary to be considered secure,
-# spkifp to use a SPKI key fingerprint instead of a client certificate
-# fingerprint and warnexpiring to warn users when their client certificate is
-# about to expire.
-#<sslinfo operonly="no"
-# hash="sha-256"
+#-#-#-#-#-#-#-#-#-#-#-#- SSLINFO CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#
+# #
+# hash - The IANA Hash Function Name of the hash algorithm #
+# used for the TLS client fingerprint of WebIRC #
+# gateway users (requires the gateway module). This #
+# should be the same algorithm you specified in the #
+# <sslprofile:hash> field of the TLS profile used for #
+# user connections. #
+# #
+# localsecure - Whether to treat locally-connected plaintext users #
+# as if they are connected with TLS. Defaults to yes. #
+# #
+# operonly - Whether TLS client certificate info is only visible #
+# by server operators. Defaults to no. #
+# #
+# spkifp - Whether to use a Subject Public Key Info (SPKI) #
+# fingerprint instead of a certificate fingerprint #
+# for user TLS client fingerprints. Defaults to no. #
+# #
+# warnexpiring - If specified then the maximum period of validity #
+# that can be left on a user's TLS client certificate #
+# before users are warned about the imminent expiry. #
+# #
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+#
+#<sslinfo hash="sha-256"
# localsecure="yes"
+# operonly="no"
# spkifp="no"
# warnexpiring="1w">