doc/reference.conf: add an example TLSv1.3 ciphersuite name

[solanum.git] / doc / reference.conf

diff --git a/doc/reference.conf b/doc/reference.conf
index 5831c8f6e98a479f18e94d34fc8655e00e9bd8b0..7d2bc2e7f66d7517de47227ea7c82a50f55d7219 100644 (file)
--- a/doc/reference.conf
+++ b/doc/reference.conf
@@ -156,7 +156,7 @@ serverinfo {
        ssl_dh_params = "etc/dh.pem";
 
        /* ssl_cipher_list: A list of ciphers, dependent on your TLS backend */
-       #ssl_cipher_list = "EECDH+HIGH:EDH+HIGH:HIGH:!aNULL";
+       #ssl_cipher_list = "TLS_CHACHA20_POLY1305_SHA256:EECDH+HIGH:EDH+HIGH:HIGH:!aNULL";
 
        /* ssld_count: number of ssld processes you want to start, if you
         * have a really busy server, using N-1 where N is the number of
@@ -456,7 +456,8 @@ privset "local_op" {
         *                       channels etc. see /quote help operspy
         * oper:hidden:          hides the oper from /stats p
         * oper:remoteban:       allows remote kline etc
-        * oper:mass_notice:     allows sending wallops and mass notices
+        * oper:mass_notice:     allows sending mass notices
+        * oper:wallops:         allows sending wallops messages
         * oper:grant:           allows using the GRANT command
         * usermode:servnotice:  allows setting +s
         *
@@ -481,7 +482,8 @@ privset "server_bot" {
 privset "global_op" {
        extends = "local_op";
        privs = oper:routing, oper:kline, oper:unkline, oper:xline,
-               oper:resv, oper:cmodes, oper:mass_notice, oper:remoteban;
+               oper:resv, oper:cmodes, oper:mass_notice, oper:wallops,
+               oper:remoteban;
 };
 
 privset "admin" {
@@ -574,16 +576,6 @@ connect "irc.uplink.com" {
        /* port: the port to connect to this server on */
        port = 6666;
 
-       /* hub mask: the mask of servers that this server may hub. Multiple
-        * entries are permitted
-        */
-       hub_mask = "*";
-
-       /* leaf mask: the mask of servers this server may not hub.  Multiple
-        * entries are permitted.  Useful for forbidding EU -> US -> EU routes.
-        */
-       #leaf_mask = "*.uk";
-
        /* class: the class this server is in */
        class = "server";
 
@@ -620,7 +612,6 @@ connect "ssl.uplink.com" {
        send_password = "password";
        accept_password = "anotherpassword";
        port = 9999;
-       hub_mask = "*";
        class = "server";
        flags = ssl, topicburst;
 };
@@ -1189,9 +1180,6 @@ general {
        /* stats c oper only: make stats c (connect {}) oper only */
        stats_c_oper_only = no;
 
-       /* stats h oper only: make stats h (hub_mask/leaf_mask) oper only */
-       stats_h_oper_only = no;
-
        /* stats y oper only: make stats y (class {}) oper only */
        stats_y_oper_only = no;
 
@@ -1416,6 +1404,9 @@ general {
 
        /* hidden_caps: client capabilities we'll pretend we don't support until they're requested */
        #hidden_caps = "userhost-in-names";
+
+       /* oper_secure_only: require TLS on any connection trying to oper up */
+       oper_secure_only = no;
 };
 
 modules {