From 654caa84fb0366c6ca057ba068c33f2f45eff6ff Mon Sep 17 00:00:00 2001
From: William Pitcock
Date: Wed, 18 Feb 2015 12:35:34 -0600
Subject: [PATCH] ircd.conf.example: explain DH parameters size better (closes #68)
---
 doc/ircd.conf.example | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/doc/ircd.conf.example b/doc/ircd.conf.example
index 28a926ab..c184b7b6 100755
--- a/doc/ircd.conf.example
+++ b/doc/ircd.conf.example
@@ -64,7 +64,12 @@ serverinfo {
 /* ssl_cert: certificate for our ssl server */
 ssl_cert = "etc/ssl.pem";
- /* ssl_dh_params: DH parameters, generate with openssl dhparam -out dh.pem 1024 */
+ /* ssl_dh_params: DH parameters, generate with openssl dhparam -out dh.pem 2048
+ * In general, the DH parameters size should be the same as your key's size.
+ * However it has been reported that some clients have broken TLS implementations which may
+ * choke on keysizes larger than 2048-bit, so we would recommend using 2048-bit DH parameters
+ * for now if your keys are larger than 2048-bit.
+ */
 ssl_dh_params = "etc/dh.pem";
 /* ssld_count: number of ssld processes you want to start, if you
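Review bot: The new `ssl_dh_params` comment raises the suggested size to 2048 but does not tell operators who followed the old 1024-bit command that their existing `etc/dh.pem` stays at 1024 bits until they regenerate it. A line such as ` * If dh.pem was generated with the older 1024-bit command, regenerate it.` would close that gap. The phrase "choke on keysizes larger than 2048-bit" mixes key size with DH parameter size; if the reports were about the parameters, "DH parameters larger than 2048-bit" would be clearer. The command also writes `dh.pem` to the current directory while the setting reads `etc/dh.pem`, which the comment could make explicit. The serverinfo block starts and ends outside the hunk.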