ircd.conf.example: use certfp_method = spki_sha256

SHA1 is insecure. SHA2-512 is a bit long. Hashes of the full certificate
are really impractical and people need to stop using them.
This commit is contained in:
Simon Arlott 2016-04-25 23:52:18 +01:00
parent 5adde7a4ed
commit 7380ded584
No known key found for this signature in database
GPG key ID: C8975F2043CA5D24
2 changed files with 2 additions and 2 deletions

View file

@ -614,7 +614,7 @@ general {
throttle_count = 4; throttle_count = 4;
max_ratelimit_tokens = 30; max_ratelimit_tokens = 30;
away_interval = 30; away_interval = 30;
certfp_method = sha1; certfp_method = spki_sha256;
hide_opers_in_whois = no; hide_opers_in_whois = no;
}; };

View file

@ -1410,7 +1410,7 @@ general {
* constant even if the certificate is reissued. These fingerprints will be prefixed with * constant even if the certificate is reissued. These fingerprints will be prefixed with
* "SPKI:SHA2-256:" or "SPKI:SHA2-512:" depending on the hash type. * "SPKI:SHA2-256:" or "SPKI:SHA2-512:" depending on the hash type.
*/ */
certfp_method = sha1; certfp_method = spki_sha256;
/* hide_opers_in_whois: if set to YES, then oper status will be hidden in /WHOIS output. */ /* hide_opers_in_whois: if set to YES, then oper status will be hidden in /WHOIS output. */
hide_opers_in_whois = no; hide_opers_in_whois = no;