summaryrefslogtreecommitdiff
path: root/data/default_config.cfg
diff options
context:
space:
mode:
authorMathieu Pasquet <mathieui@mathieui.net>2014-01-15 18:28:23 +0100
committermathieui <mathieui@mathieui.net>2014-02-13 00:50:32 +0100
commit05a9e03d5392103e2e17b0d3da58532ef5b3f671 (patch)
tree7123242ce8f943ee4f98e2a6dbf44e15cb1ca906 /data/default_config.cfg
parent7e3efccb537ae11e9550ddf14ea6ca4ba472804a (diff)
downloadpoezio-05a9e03d5392103e2e17b0d3da58532ef5b3f671.tar.gz
poezio-05a9e03d5392103e2e17b0d3da58532ef5b3f671.tar.bz2
poezio-05a9e03d5392103e2e17b0d3da58532ef5b3f671.tar.xz
poezio-05a9e03d5392103e2e17b0d3da58532ef5b3f671.zip
Add a configurable way of setting cipher suites
And put reasonable defaults
Diffstat (limited to 'data/default_config.cfg')
-rw-r--r--data/default_config.cfg10
1 files changed, 8 insertions, 2 deletions
diff --git a/data/default_config.cfg b/data/default_config.cfg
index ace8907a..17d74745 100644
--- a/data/default_config.cfg
+++ b/data/default_config.cfg
@@ -41,11 +41,17 @@ resource =
# Make sure the server you're using accepts anonymous authentication
server = anon.jeproteste.info
-# SSL Certificate fingerprint
+# TLS Certificate fingerprint
# Do not touch this if you don’t know what you are doing
certificate =
-# Skip the SSL certificate fingerprint verification
+# List of ciphers allowed when connecting to the server,
+# this list prioritizes forward secrecy and forbids anything
+# weaker than 128 bits.
+# You should probably leave it as it is
+ciphers = HIGH+kEDH:HIGH+kEECDH:HIGH:!PSK:!SRP:!3DES:!aNULL
+
+# Skip the TLS certificate fingerprint verification
# Should be false in most cases, as you want to check that the server keeps
# the same certificate.
ignore_certificate = false