From 327bacd3687f307a5f8586856a94b16c9e4370bf Mon Sep 17 00:00:00 2001 From: Sadie Powell Date: Wed, 19 Feb 2020 09:58:47 +0000 Subject: Lower to 5m to prevent misconfigs denying access. --- docs/conf/modules.conf.example | 5 +++-- src/modules/m_ircv3_sts.cpp | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/docs/conf/modules.conf.example b/docs/conf/modules.conf.example index ae32bb0e0..ad2b9ca8a 100644 --- a/docs/conf/modules.conf.example +++ b/docs/conf/modules.conf.example @@ -1224,14 +1224,15 @@ # # host - A glob match for the SNI hostname to apply this policy to. # duration - The amount of time that the policy lasts for. Defaults to -# approximately two months by default. +# five minutes by default. You should raise this to a month +# or two once you know that your config is valid. # port - The port on which TLS connections to the server are being # accepted. You MUST have a CA-verified certificate on this # port. Self signed certificates are not acceptable. # preload - Whether client developers can include your certificate in # preload lists. # -# +# #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Join flood module: Adds support for join flood protection +j X:Y. diff --git a/src/modules/m_ircv3_sts.cpp b/src/modules/m_ircv3_sts.cpp index 86ea159c1..4d2839062 100644 --- a/src/modules/m_ircv3_sts.cpp +++ b/src/modules/m_ircv3_sts.cpp @@ -171,7 +171,7 @@ class ModuleIRCv3STS : public Module if (!HasValidSSLPort(port)) throw ModuleException(" must be a TLS port, at " + tag->getTagLocation()); - unsigned long duration = tag->getDuration("duration", 60*60*24*30*2); + unsigned long duration = tag->getDuration("duration", 5*60, 60); bool preload = tag->getBool("preload"); cap.SetPolicy(host, duration, port, preload); -- cgit v1.2.3