diff options
| -rw-r--r-- | doc/src/sgml/config.sgml | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml index 239dbf97ba6..74bb25ae16e 100644 --- a/doc/src/sgml/config.sgml +++ b/doc/src/sgml/config.sgml @@ -1056,11 +1056,14 @@ include_dir 'conf.d' </term> <listitem> <para> - Specifies a list of <acronym>SSL</> cipher suites that are allowed to be - used on secure connections. See - the <citerefentry><refentrytitle>ciphers</></citerefentry> manual page - in the <application>OpenSSL</> package for the syntax of this setting - and a list of supported values. The default value is + Specifies a list of <acronym>SSL</> cipher suites that are + allowed to be used by SSL connections. See the + <citerefentry><refentrytitle>ciphers</></citerefentry> + manual page in the <application>OpenSSL</> package for the + syntax of this setting and a list of supported values. Only + connections using TLS version 1.2 and lower are affected. There is + currently no setting that controls the cipher choices used by TLS + version 1.3 connections. The default value is <literal>HIGH:MEDIUM:+3DES:!aNULL</>. It is usually reasonable, unless you have specific security requirements. This parameter can only be set at server start. |