ssl_dh_params = "etc/dh.pem";
/* ssl_cipher_list: A list of ciphers, dependent on your TLS backend */
- #ssl_cipher_list = "EECDH+HIGH:EDH+HIGH:HIGH:!aNULL";
+ #ssl_cipher_list = "TLS_CHACHA20_POLY1305_SHA256:EECDH+HIGH:EDH+HIGH:HIGH:!aNULL";
/* ssld_count: number of ssld processes you want to start, if you
* have a really busy server, using N-1 where N is the number of
* channels etc. see /quote help operspy
* oper:hidden: hides the oper from /stats p
* oper:remoteban: allows remote kline etc
- * oper:mass_notice: allows sending wallops and mass notices
+ * oper:mass_notice: allows sending mass notices
+ * oper:wallops: allows sending wallops messages
* oper:grant: allows using the GRANT command
* usermode:servnotice: allows setting +s
*
privset "global_op" {
extends = "local_op";
privs = oper:routing, oper:kline, oper:unkline, oper:xline,
- oper:resv, oper:cmodes, oper:mass_notice, oper:remoteban;
+ oper:resv, oper:cmodes, oper:mass_notice, oper:wallops,
+ oper:remoteban;
};
privset "admin" {
/* port: the port to connect to this server on */
port = 6666;
- /* hub mask: the mask of servers that this server may hub. Multiple
- * entries are permitted
- */
- hub_mask = "*";
-
- /* leaf mask: the mask of servers this server may not hub. Multiple
- * entries are permitted. Useful for forbidding EU -> US -> EU routes.
- */
- #leaf_mask = "*.uk";
-
/* class: the class this server is in */
class = "server";
send_password = "password";
accept_password = "anotherpassword";
port = 9999;
- hub_mask = "*";
class = "server";
flags = ssl, topicburst;
};
/* stats c oper only: make stats c (connect {}) oper only */
stats_c_oper_only = no;
- /* stats h oper only: make stats h (hub_mask/leaf_mask) oper only */
- stats_h_oper_only = no;
-
/* stats y oper only: make stats y (class {}) oper only */
stats_y_oper_only = no;
/* hidden_caps: client capabilities we'll pretend we don't support until they're requested */
#hidden_caps = "userhost-in-names";
+
+ /* oper_secure_only: require TLS on any connection trying to oper up */
+ oper_secure_only = no;
};
modules {