ircd.conf.example: use certfp_method = spki_sha256
SHA1 is insecure. SHA2-512 is a bit long. Hashes of the full certificate are really impractical and people need to stop using them.
This commit is contained in:
parent
5adde7a4ed
commit
7380ded584
2 changed files with 2 additions and 2 deletions
|
@ -614,7 +614,7 @@ general {
|
||||||
throttle_count = 4;
|
throttle_count = 4;
|
||||||
max_ratelimit_tokens = 30;
|
max_ratelimit_tokens = 30;
|
||||||
away_interval = 30;
|
away_interval = 30;
|
||||||
certfp_method = sha1;
|
certfp_method = spki_sha256;
|
||||||
hide_opers_in_whois = no;
|
hide_opers_in_whois = no;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -1410,7 +1410,7 @@ general {
|
||||||
* constant even if the certificate is reissued. These fingerprints will be prefixed with
|
* constant even if the certificate is reissued. These fingerprints will be prefixed with
|
||||||
* "SPKI:SHA2-256:" or "SPKI:SHA2-512:" depending on the hash type.
|
* "SPKI:SHA2-256:" or "SPKI:SHA2-512:" depending on the hash type.
|
||||||
*/
|
*/
|
||||||
certfp_method = sha1;
|
certfp_method = spki_sha256;
|
||||||
|
|
||||||
/* hide_opers_in_whois: if set to YES, then oper status will be hidden in /WHOIS output. */
|
/* hide_opers_in_whois: if set to YES, then oper status will be hidden in /WHOIS output. */
|
||||||
hide_opers_in_whois = no;
|
hide_opers_in_whois = no;
|
||||||
|
|
Loading…
Reference in a new issue