INN commit: branches/2.5 (doc/pod/inn.conf.pod lib/innconf.c)

INN Commit rra at isc.org
Wed Nov 12 20:58:37 UTC 2014


    Date: Wednesday, November 12, 2014 @ 12:58:36
  Author: iulius
Revision: 9747

inn.conf:  Improve documentation about tlsprotocols and tlscompression

Modified:
  branches/2.5/doc/pod/inn.conf.pod
  branches/2.5/lib/innconf.c

----------------------+
 doc/pod/inn.conf.pod |   11 +++++++++--
 lib/innconf.c        |    2 +-
 2 files changed, 10 insertions(+), 3 deletions(-)

Modified: doc/pod/inn.conf.pod
===================================================================
--- doc/pod/inn.conf.pod	2014-11-12 20:56:30 UTC (rev 9746)
+++ doc/pod/inn.conf.pod	2014-11-12 20:58:36 UTC (rev 9747)
@@ -1073,8 +1073,9 @@
 =item I<tlscompression>
 
 Whether to enable or disable SSL/TLS compression support.  This is a
-boolean and the default is true.  (Note that the default value will be
-false in the next major release of INN.)
+boolean and the default is true, that is to say compression is enabled.
+(Note that the default value will be false in the next major release
+of INN.)
 
 =item I<tlspreferserverciphers>
 
@@ -1095,6 +1096,12 @@
 the next major release of INN (using SSLv2 and SSLv3 will be disabled
 by default).
 
+Also note that the listed protocols will be enabled only if the OpenSSL
+library INN has been built with, supports them.  In case OpenSSL supports
+protocols more recent than TLSv1.2, they will be automatically enabled
+(which anyway is fine regarding security, as newer protocols are supposed
+to be more secure).
+
 =back
 
 =head2 Monitoring

Modified: lib/innconf.c
===================================================================
--- lib/innconf.c	2014-11-12 20:56:30 UTC (rev 9746)
+++ lib/innconf.c	2014-11-12 20:58:36 UTC (rev 9747)
@@ -235,7 +235,7 @@
     { K(tlscompression),          BOOL    (true) },
     { K(tlspreferserverciphers),  BOOL   (false) },
     { K(tlsprotocols),            LIST    (NULL) },
-#endif
+#endif /* HAVE_SSL */
 
     /* The following settings are used by nnrpd and rnews. */
     { K(nnrpdposthost),           STRING  (NULL) },



More information about the inn-committers mailing list