ircd.conf.example: explain DH parameters size better (closes #68)
This commit is contained in:
parent
dd28e3f2a4
commit
654caa84fb
1 changed files with 6 additions and 1 deletions
|
@ -64,7 +64,12 @@ serverinfo {
|
||||||
/* ssl_cert: certificate for our ssl server */
|
/* ssl_cert: certificate for our ssl server */
|
||||||
ssl_cert = "etc/ssl.pem";
|
ssl_cert = "etc/ssl.pem";
|
||||||
|
|
||||||
/* ssl_dh_params: DH parameters, generate with openssl dhparam -out dh.pem 1024 */
|
/* ssl_dh_params: DH parameters, generate with openssl dhparam -out dh.pem 2048
|
||||||
|
* In general, the DH parameters size should be the same as your key's size.
|
||||||
|
* However it has been reported that some clients have broken TLS implementations which may
|
||||||
|
* choke on keysizes larger than 2048-bit, so we would recommend using 2048-bit DH parameters
|
||||||
|
* for now if your keys are larger than 2048-bit.
|
||||||
|
*/
|
||||||
ssl_dh_params = "etc/dh.pem";
|
ssl_dh_params = "etc/dh.pem";
|
||||||
|
|
||||||
/* ssld_count: number of ssld processes you want to start, if you
|
/* ssld_count: number of ssld processes you want to start, if you
|
||||||
|
|
Loading…
Reference in a new issue