adb9788c89
Document the new default for ssl_ciphers in the man page Related: rhbz#1483970 When handling the FEAT command, check ssl_tlsv1_1 and ssl_tlsv1_2 Patch was written by Martin Sehnoutka Resolves: rhbz#1432054 Disable TLSv1 and TLSv1.1 - enable only TLSv1.2 by default.
32 lines
1.0 KiB
Diff
32 lines
1.0 KiB
Diff
From 2369d1ea5144d525d315aba90da528e7d9bfd1cc Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= <olysonek@redhat.com>
|
|
Date: Thu, 21 Dec 2017 14:19:18 +0100
|
|
Subject: [PATCH 41/41] Document the new default for ssl_ciphers in the man
|
|
page
|
|
|
|
Related: rhbz#1483970
|
|
---
|
|
vsftpd.conf.5 | 6 +++++-
|
|
1 file changed, 5 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/vsftpd.conf.5 b/vsftpd.conf.5
|
|
index 3ca55e4..2a7662e 100644
|
|
--- a/vsftpd.conf.5
|
|
+++ b/vsftpd.conf.5
|
|
@@ -1078,7 +1078,11 @@ man page for further details. Note that restricting ciphers can be a useful
|
|
security precaution as it prevents malicious remote parties forcing a cipher
|
|
which they have found problems with.
|
|
|
|
-Default: AES128-SHA:DES-CBC3-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384
|
|
+By default, the system-wide crypto policy is used. See
|
|
+.BR update-crypto-policies(8)
|
|
+for further details.
|
|
+
|
|
+Default: PROFILE=SYSTEM
|
|
.TP
|
|
.B user_config_dir
|
|
This powerful option allows the override of any config option specified in
|
|
--
|
|
2.14.3
|
|
|