aboutsummaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorGravatar Sadie Powell2024-02-19 18:46:05 +0000
committerGravatar Sadie Powell2024-02-19 18:46:05 +0000
commitebd03383f856bfaa72b1700a96561396e6f8f6cc (patch)
tree47651f7a9c8567ae020c6b8750db58a7d3c2da2b /docs
parentFix more issues with the v3 compat layer. (diff)
Allow using multiple SSL fingerprint algorithms.
Closes #1804.
Diffstat (limited to 'docs')
-rw-r--r--docs/conf/modules.conf.example9
1 files changed, 3 insertions, 6 deletions
diff --git a/docs/conf/modules.conf.example b/docs/conf/modules.conf.example
index 6e7dafd76..7c19f620d 100644
--- a/docs/conf/modules.conf.example
+++ b/docs/conf/modules.conf.example
@@ -2464,7 +2464,9 @@
# gateway users (requires the gateway module). This #
# should be the same algorithm you specified in the #
# <sslprofile:hash> field of the TLS profile used for #
-# user connections. #
+# user connections. You can prefix the algorithm name #
+# with spki- to use a Subject Public Key Info (SPKI) #
+# fingerprint instead of a certificate fingerprint. #
# #
# localsecure - Whether to treat locally-connected plaintext users #
# as if they are connected with TLS. Defaults to yes. #
@@ -2472,10 +2474,6 @@
# operonly - Whether TLS client certificate info is only visible #
# by server operators. Defaults to no. #
# #
-# spkifp - Whether to use a Subject Public Key Info (SPKI) #
-# fingerprint instead of a certificate fingerprint #
-# for user TLS client fingerprints. Defaults to no. #
-# #
# warnexpiring - If specified then the maximum period of validity #
# that can be left on a user's TLS client certificate #
# before users are warned about the imminent expiry. #
@@ -2489,7 +2487,6 @@
#<sslinfo hash="sha-256"
# localsecure="yes"
# operonly="no"
-# spkifp="no"
# warnexpiring="1w"
# welcomemsg="no">