-# Define the following to your services server name to improve security
-# by ensuring the SASL messages are only sent to the services server
-# and not to all connected servers. This prevents a rogue server from
-# capturing SASL messages and disables the SASL cap when services is
-# down.
-#<sasl target="services.mynetwork.com">
+
+# You must define <sasl:target> to the name of your services server so
+# that InspIRCd knows where to send SASL authentication messages and
+# when it should enable the SASL capability.
+# You can also define <sasl:requiressl> to require users to use TLS (SSL)
+# in order to be able to use SASL.
+#<sasl target="services.mynetwork.com"
+# requiressl="yes">