Always disable SSLv3 support, allow disabling TLSv1.[012].

author: Sadie Powell <sadie@witchery.services> 2024-01-09 21:04:33 +0000
committer: Sadie Powell <sadie@witchery.services> 2024-01-09 21:25:44 +0000
commit: 1e9c6d7931644b6becf05de800d9e74d59df3d2c (patch)
tree: 9b1d7334be249791119c6d357112e16e60f16fcb /data
parent: 5772b924cc11df5981d81afa82809eaf14f8ef91 (diff)
1 files changed, 6 insertions, 5 deletions
diff --git a/data/modules.example.conf b/data/modules.example.conf
index f1706e7b3..fb4f6a6d9 100644
--- a/data/modules.example.conf
+++ b/data/modules.example.conf
@@ -630,12 +630,13 @@ module { name = "m_sasl" }
 	key = "data/privkey.pem"
 
 	/*
-	 * As of 2014 SSL 3.0 is considered insecure, but it might be enabled
-	 * on some systems by default for compatibility reasons.
-	 * You can use the following option to enable or disable it explicitly.
-	 * Leaving this option not set defaults to the default system behavior.
+	 * If you wish to increase security you can disable support for older
+	 * versions of TLS with no known vulnerabilities but that provide less
+	 * security. For your security SSLv2 and SSLv3 are always disabled.
 	 */
-	#sslv3 = no
+	#tlsv10 = no
+	#tlsv11 = no
+	#tlsv12 = yes
 }
 
 /*
author	Sadie Powell <sadie@witchery.services>	2024-01-09 21:04:33 +0000
committer	Sadie Powell <sadie@witchery.services>	2024-01-09 21:25:44 +0000
commit	1e9c6d7931644b6becf05de800d9e74d59df3d2c (patch)
tree	9b1d7334be249791119c6d357112e16e60f16fcb /data
parent	5772b924cc11df5981d81afa82809eaf14f8ef91 (diff)