vulpineawoo/solanum
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

ircd.conf.example: use certfp_method = spki_sha256

Browse source 
SHA1 is insecure. SHA2-512 is a bit long. Hashes of the full certificate
are really impractical and people need to stop using them.
This commit is contained in:
Simon Arlott 2016-04-25 23:52:18 +01:00
parent 5adde7a4ed
commit 7380ded584
No known key found for this signature in database
GPG key ID: C8975F2043CA5D24
2 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
doc/ircd.conf.example
View file

@ -614,7 +614,7 @@ general {
throttle_count = 4;
max_ratelimit_tokens = 30;
away_interval = 30;
certfp_method = sha1;
certfp_method = spki_sha256;
hide_opers_in_whois = no;
};

2
doc/reference.conf
View file

@ -1410,7 +1410,7 @@ general {
* constant even if the certificate is reissued. These fingerprints will be prefixed with
* "SPKI:SHA2-256:" or "SPKI:SHA2-512:" depending on the hash type.
*/
certfp_method = sha1;
certfp_method = spki_sha256;
/* hide_opers_in_whois: if set to YES, then oper status will be hidden in /WHOIS output. */
hide_opers_in_whois = no;