|
|
@@ -34,6 +34,25 @@ Certificate location
|
|
|
ngircd.service the daemon will not be able to load the files.
|
|
|
|
|
|
|
|
|
+TLS-based server-server links
|
|
|
+-----------------------------
|
|
|
+When linking two ngircd servers, the connection should be TLS-based for
|
|
|
+obvious reasons. To do so, edit ngircd.conf:
|
|
|
+
|
|
|
+* Enable SSLConnect in each [Server] stanza.
|
|
|
+* Define CAFile in the [SSL] stanza. Note that by default *no*
|
|
|
+ certificate is trusted.
|
|
|
+ If the peers's certificate was signed by one of the well-known
|
|
|
+ certificate authorities: Use the suggested value
|
|
|
+ "/etc/ssl/certs/ca-certificates.crt" and install the ca-certificate
|
|
|
+ package.
|
|
|
+ Else set the value to the respective CA's certificate file.
|
|
|
+
|
|
|
+Verfication can be disabled entirely on a per-link base by setting
|
|
|
+SSLVerify to false. This is strongly discouraged as you will lose all
|
|
|
+security by that.
|
|
|
+
|
|
|
+
|
|
|
DH parameters file
|
|
|
------------------
|
|
|
It is suggested to create a DH params file. If missing, ngIRCd will
|
Christoph Biedl