# users that send overly capitalised messages to channels. Unlike the
# blockcaps module this module is more flexible as it has more options
# for punishment and allows channels to configure their own punishment
-# policies.
+# policies.
#<module name="anticaps">
#
# You may also configure the characters which anticaps considers to be
# For example +w o:*!Attila@127.0.0.1 will op anyone matching that mask
# on join. This can be combined with extbans, for example +w o:R:Brain
# will op anyone identified to the account "Brain".
-# Another useful combination is with SSL client certificate
+# Another useful combination is with TLS (SSL) client certificate
# fingerprints: +w h:z:72db600734bb9546c1bdd02377bc21d2a9690d48 will
# give halfop to the user(s) having the given certificate.
#<module name="autoop">
# IRCv3 WebIRC specification at: https://ircv3.net/specs/extensions/webirc.html
#
# When using this method you must specify a wildcard mask or CIDR range
-# to allow gateway connections from and at least one of either a SSL
+# to allow gateway connections from and at least one of either a TLS (SSL)
# client certificate fingerprint for the gateway or a password to be
# sent in the WEBIRC command.
#
# other modules that need it using the libMaxMindDB library. #
# #
# This module is in extras. Re-run configure with: #
-# ./configure --enable-extras=m_geo_maxmind.cpp
+# ./configure --enable-extras geo_maxmind
# and run make install, then uncomment this module to enable it. #
# #
# This module requires libMaxMindDB to be installed on your system. #
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# IRCv3 client-to-client tags module: Provides the message-tags IRCv3
-# extension which allows clients to add extra data to their messages.
+# extension which allows clients to add extra data to their messages.
# This is used to support new IRCv3 features such as replies and ids.
#<module name="ircv3_ctctags">
#
# host - A glob match for the SNI hostname to apply this policy to.
# duration - The amount of time that the policy lasts for. Defaults to
-# approximately two months by default.
+# five minutes by default. You should raise this to a month
+# or two once you know that your config is valid.
# port - The port on which TLS connections to the server are being
# accepted. You MUST have a CA-verified certificate on this
# port. Self signed certificates are not acceptable.
# preload - Whether client developers can include your certificate in
# preload lists.
#
-# <sts host="*.example.com" duration="60d" port="6697" preload="yes">
+# <sts host="*.example.com" duration="5m" port="6697" preload="yes">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Join flood module: Adds support for join flood protection +j X:Y.
# LDAP module: Allows other SQL modules to access a LDAP database
# through a unified API.
# This modules is in extras. Re-run configure with:
-# ./configure --enable-extras=m_ldap.cpp
+# ./configure --enable-extras ldap
# and run make install, then uncomment this module to enable it.
#
#<module name="ldap">
# MySQL module: Allows other SQL modules to access MySQL databases
# through a unified API.
# This module is in extras. Re-run configure with:
-# ./configure --enable-extras=m_mysql.cpp
+# ./configure --enable-extras mysql
# and run make install, then uncomment this module to enable it.
#<module name="mysql">
#
# #
# enableumode - If enabled, user mode +O is required for override. #
# #
-#<override noisy="yes" requirekey="no" enableumode="true">
+#<override noisy="yes" requirekey="no" enableumode="yes">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Oper levels module: Gives each oper a level and prevents actions
# 'saveperiod' determines how often to check if the database needs to be
# saved to disk. Defaults to every five seconds.
#<permchanneldb filename="permchannels.conf"
-# listmodes="true"
+# listmodes="yes"
# saveperiod="5s">
#<include file="permchannels.conf">
#
# PostgreSQL module: Allows other SQL modules to access PgSQL databases
# through a unified API.
# This module is in extras. Re-run configure with:
-# ./configure --enable-extras=m_pgsql.cpp
+# ./configure --enable-extras pgsql
# and run make install, then uncomment this module to enable it.
#<module name="pgsql">
#
# nokicks (+Q) mode is set. Defaults to false.
# protectedrank: Members having this rank or above may not be /REMOVE'd
# by anyone. Set to 0 to disable this feature. Defaults to 50000.
-#<remove supportnokicks="true" protectedrank="50000">
+#<remove supportnokicks="yes" protectedrank="50000">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Repeat module: Allows to block, kick or ban upon similar messages
# Layer via AUTHENTICATE. Note: You also need to have cap loaded
# for SASL to work.
#<module name="sasl">
-# Define the following to your services server name to improve security
-# by ensuring the SASL messages are only sent to the services server
-# and not to all connected servers. This prevents a rogue server from
-# capturing SASL messages and disables the SASL cap when services is
-# down.
-#<sasl target="services.mynetwork.com">
+
+# You must define <sasl:target> to the name of your services server so
+# that InspIRCd knows where to send SASL authentication messages and
+# when it should enable the SASL capability.
+# You can also define <sasl:requiressl> to require users to use TLS (SSL)
+# in order to be able to use SASL.
+#<sasl target="services.mynetwork.com"
+# requiressl="yes">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Secure list module: Prevent /LIST in the first minute of connection,
#<securehost exception="*@*.ircdriven.com">
#<securehost exception="*@*.ircs.me">
# #
-# Define the following variable to change how long a user must wait #
-# before issuing a LIST. If not defined, defaults to 60 seconds. #
+# exemptregistered - Whether the waiting period applies to users who #
+# are logged in to a services account. #
+# Defaults to no. #
+# #
+# showmsg - Whether to tell users that they need to wait for a while #
+# before they can use the /LIST command. #
+# Defaults to no. #
+# #
+# waittime - The time period that a user must be connected for before #
+# they can use the /LIST command. #
+# Defaults to 1 minute. #
# #
-#<securelist waittime="1m"> #
+#<securelist exemptregistered="yes"
+# showmsg="yes"
+# waittime="1m">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Servprotect module: Provides support for Austhex style +k /
# You can optionally let the user know that their command was blocked.
#
# You may also let SHUN affect opers (defaults to no).
-#<shun enabledcommands="ADMIN PING PONG QUIT PART JOIN" notifyuser="yes" affectopers="no">
+#<shun enabledcommands="ADMIN OPER PING PONG QUIT PART JOIN" notifyuser="yes" affectopers="no">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# SSL mode module: Adds support for SSL-only channels via the '+z'
-# channel mode, SSL-only private messages via the '+z' user mode and
-# the 'z:' extban which matches SSL client certificate fingerprints.
+# SSL mode module: Adds support for TLS (SSL)-only channels via the '+z'
+# channel mode, TLS (SSL)-only private messages via the '+z' user mode and
+# the 'z:' extban which matches TLS (SSL) client certificate fingerprints.
#
-# Does not do anything useful without a working SSL module and the
+# Does not do anything useful without a working TLS (SSL) module and the
# sslinfo module (see below).
#<module name="sslmodes">
#
#<sslmodes enableumode="yes">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# SSL rehash signal module: Allows the SSL modules to be rehashed by
+# SSL rehash signal module: Allows the TLS (SSL) modules to be rehashed by
# sending SIGUSR1 to a running InspIRCd process.
-# This modules is in extras. Re-run configure with:
-# ./configure --enable-extras=m_sslrehashsignal.cpp
+# This module is in extras. Re-run configure with:
+# ./configure --enable-extras sslrehashsignal
# and run make install, then uncomment this module to enable it.
#<module name="sslrehashsignal">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# GnuTLS SSL module: Adds support for SSL/TLS connections using GnuTLS,
+# GnuTLS SSL module: Adds support for TLS (SSL) connections using GnuTLS,
# if enabled. You must answer 'yes' in ./configure when asked or
# manually symlink the source for this module from the directory
# src/modules/extra, if you want to enable this, or it will not load.
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# SSL info module: Allows users to retrieve information about other
-# users' peer SSL certificates and keys via the SSLINFO command.
+# users' peer TLS (SSL) certificates and keys via the SSLINFO command.
# This can be used by client scripts to validate users. For this to
# work, one of ssl_gnutls, ssl_mbedtls or ssl_openssl must be loaded.
# This module also adds the "<user> is using a secure connection"
-# and "<user> has client certificate fingerprint <fingerprint>"
-# WHOIS lines, the ability for opers to use SSL cert fingerprints to
-# verify their identity and the ability to force opers to use SSL
+# and "<user> has TLS (SSL) client certificate fingerprint <fingerprint>"
+# WHOIS lines, the ability for opers to use TLS (SSL) cert fingerprints to
+# verify their identity and the ability to force opers to use TLS (SSL)
# connections in order to oper up. It is highly recommended to load
-# this module if you use SSL on your network.
+# this module if you use TLS (SSL) on your network.
# For how to use the oper features, please see the first
# example <oper> tag in opers.conf.example.
#
#<module name="sslinfo">
#
-# If you want to prevent users from viewing SSL certificate information
+# If you want to prevent users from viewing TLS (SSL) certificate information
# and fingerprints of other users, set operonly to yes.
#<sslinfo operonly="no">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# mbedTLS SSL module: Adds support for SSL/TLS connections using mbedTLS.
+# mbedTLS TLS (SSL) module: Adds support for TLS (SSL) connections using mbedTLS.
#<module name="ssl_mbedtls">
#
#-#-#-#-#-#-#-#-#-#-#- MBEDTLS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#
# https://docs.inspircd.org/3/modules/ssl_mbedtls #
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# OpenSSL SSL module: Adds support for SSL/TLS connections using OpenSSL,
+# OpenSSL TLS (SSL) module: Adds support for TLS (SSL) connections using OpenSSL,
# if enabled. You must answer 'yes' in ./configure when asked or symlink
# the source for this module from the directory src/modules/extra, if
# you want to enable this, or it will not load.
# SQLite3 module: Allows other SQL modules to access SQLite3 #
# databases through a unified API. #
# This module is in extras. Re-run configure with: #
-# ./configure --enable-extras=m_sqlite3.cpp
+# ./configure --enable-extras sqlite3
# and run make install, then uncomment this module to enable it. #
#
#<module name="sqlite3">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# StartTLS module: Implements STARTTLS, which allows clients #
-# connected to non SSL enabled ports to enable SSL, if a proper SSL #
-# module is loaded (either ssl_gnutls, ssl_mbedtls or ssl_openssl). #
+# connected to non TLS (SSL) enabled ports to enable TLS (SSL), if #
+# a proper TLS (SSL) module is loaded (either ssl_gnutls, #
+# ssl_mbedtls or ssl_openssl). #
#<module name="starttls">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# WebSocket module: Adds HTML5 WebSocket support.
# Specify hook="websocket" in a <bind> tag to make that port accept
-# WebSocket connections. Compatible with SSL/TLS.
+# WebSocket connections. Compatible with TLS (SSL).
# Requires SHA-1 hash support available in the sha1 module.
#<module name="websocket">
#
projects / user / henk / code / inspircd.git / blobdiff