From ccebfe6e637b420bef05e8e0faf29bb19f1883d9 Mon Sep 17 00:00:00 2001 From: Matt Schatz Date: Sun, 12 Apr 2020 22:56:10 -0600 Subject: Update user-facing text and comments of SSL to TLS. --- docs/conf/helpop.conf.example | 10 ++++----- docs/conf/inspircd.conf.example | 20 +++++++++--------- docs/conf/links.conf.example | 8 ++++---- docs/conf/modules.conf.example | 45 +++++++++++++++++++++-------------------- docs/conf/opers.conf.example | 10 ++++----- 5 files changed, 47 insertions(+), 46 deletions(-) (limited to 'docs/conf') diff --git a/docs/conf/helpop.conf.example b/docs/conf/helpop.conf.example index 7f36006a0..b0de1672c 100644 --- a/docs/conf/helpop.conf.example +++ b/docs/conf/helpop.conf.example @@ -47,7 +47,7 @@ Sends a message to the network service specified in . "> @@ -845,8 +845,8 @@ using their cloak when they quit. (requires the services account module). w Receives wallops messages. x Gives a cloaked hostname (requires the cloaking module). - z Only allow private messages from SSL users (requires the - sslmodes module). + z Only allow private messages from TLS (SSL) users (requires + the sslmodes module). B Marks as a bot (requires the botmode module). D Privdeaf mode. User will not receive any private messages or notices from users (requires the deaf module). @@ -926,7 +926,7 @@ using their cloak when they quit. For example, +w o:R:Brain will op anyone identified to the account 'Brain' on join. (requires the autoop module) - z Blocks non-SSL clients from joining the channel + z Blocks non-TLS (SSL) clients from joining the channel (requires the sslmodes module). A Allows anyone to invite users to the channel @@ -1101,7 +1101,7 @@ Matching extbans: gecosban module). s: Matches users on a matching server (requires the serverban module). - z: Matches users having the given SSL certificate + z: Matches users having the given TLS (SSL) certificate fingerprint (requires the sslmodes module). O: Matches server operators of a matching type, mostly useful as an invite exception (requires the diff --git a/docs/conf/inspircd.conf.example b/docs/conf/inspircd.conf.example index e3d76ff3b..1544666a9 100644 --- a/docs/conf/inspircd.conf.example +++ b/docs/conf/inspircd.conf.example @@ -153,10 +153,10 @@ # to this bind section. type="clients" - # ssl: If you want the port(s) in this bind tag to use SSL, set this to + # ssl: If you want the port(s) in this bind tag to use TLS (SSL), set this to # the name of a custom tag that you have defined or one # of "openssl", "gnutls", "mbedtls" if you have not defined any. See the - # docs page for the SSL module you are using for more details. + # docs page for the TLS (SSL) module you are using for more details. # # You will need to load the ssl_openssl module for OpenSSL, ssl_gnutls # for GnuTLS and ssl_mbedtls for mbedTLS. @@ -211,11 +211,11 @@ # module). # -# You can define a custom tag which defines the SSL configuration -# for this listener. See the docs page for the SSL module you are using for +# You can define a custom tag which defines the TLS (SSL) configuration +# for this listener. See the docs page for the TLS (SSL) module you are using for # more details. # -# Alternatively, you can use one of the default SSL profiles which are created +# Alternatively, you can use one of the default TLS (SSL) profiles which are created # when you have not defined any: # "openssl" (requires the ssl_openssl module) # "gnutls" (requires the ssl_gnutls module) @@ -244,8 +244,8 @@ # Connect blocks are searched twice for each user - once when the TCP # # connection is accepted, and once when the user completes their # # registration. Most of the information (hostname, ident response, # -# password, SSL when using STARTTLS, etc) is only available during # -# the second search, so if you are trying to make a closed server, # +# password, TLS (SSL) when using STARTTLS, etc) is only available # +# during the second search. If you are trying to make a closed server # # you will probably need a connect block just for user registration. # # This can be done by using # @@ -344,10 +344,10 @@ # Requires the ident module to be loaded. #requireident="yes" - # requiressl: Require that users of this block use an SSL connection. - # This can also be set to "trusted", as to only accept certificates + # requiressl: Require that users of this block use a TLS (SSL) connection. + # This can also be set to "trusted", as to only accept client certificates # issued by a certificate authority that you can configure in the - # settings of the SSL module that you're using. + # settings of the TLS (SSL) module that you're using. # Requires the sslinfo module to be loaded. #requiressl="yes" diff --git a/docs/conf/links.conf.example b/docs/conf/links.conf.example index 09b3bb3d5..256ac10f9 100644 --- a/docs/conf/links.conf.example +++ b/docs/conf/links.conf.example @@ -36,10 +36,10 @@ # failover (see above). timeout="5m" - # ssl: If defined, this states the SSL profile that will be used when + # ssl: If defined, this states the TLS (SSL) profile that will be used when # making an outbound connection to the server. Options are the name of an # tag that you have defined or one of "openssl", "gnutls", - # "mbedtls" if you have not defined any. See the docs page for the SSL + # "mbedtls" if you have not defined any. See the docs page for the TLS (SSL) # module you are using for more details. # # You will need to load the ssl_openssl module for OpenSSL, ssl_gnutls @@ -48,9 +48,9 @@ ssl="gnutls" # fingerprint: If defined, this option will force servers to be - # authenticated using SSL certificate fingerprints. See + # authenticated using TLS (SSL) certificate fingerprints. See # https://docs.inspircd.org/3/modules/spanningtree for more information. - # This will require an SSL link for both inbound and outbound connections. + # This will require a TLS (SSL) link for both inbound and outbound connections. #fingerprint="" # bind: Local IP address to bind to. diff --git a/docs/conf/modules.conf.example b/docs/conf/modules.conf.example index c7a3f7dc7..37492ac09 100644 --- a/docs/conf/modules.conf.example +++ b/docs/conf/modules.conf.example @@ -210,7 +210,7 @@ # For example +w o:*!Attila@127.0.0.1 will op anyone matching that mask # on join. This can be combined with extbans, for example +w o:R:Brain # will op anyone identified to the account "Brain". -# Another useful combination is with SSL client certificate +# Another useful combination is with TLS (SSL) client certificate # fingerprints: +w h:z:72db600734bb9546c1bdd02377bc21d2a9690d48 will # give halfop to the user(s) having the given certificate. # @@ -349,7 +349,7 @@ # IRCv3 WebIRC specification at: https://ircv3.net/specs/extensions/webirc.html # # When using this method you must specify a wildcard mask or CIDR range -# to allow gateway connections from and at least one of either a SSL +# to allow gateway connections from and at least one of either a TLS (SSL) # client certificate fingerprint for the gateway or a password to be # sent in the WEBIRC command. # @@ -1951,8 +1951,8 @@ # You must define to the name of your services server so # that InspIRCd knows where to send SASL authentication messages and # when it should enable the SASL capability. -# You can also define to require users to use SSL in -# order to be able to use SASL. +# You can also define to require users to use TLS (SSL) +# in order to be able to use SASL. # @@ -2112,11 +2112,11 @@ # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# SSL mode module: Adds support for SSL-only channels via the '+z' -# channel mode, SSL-only private messages via the '+z' user mode and -# the 'z:' extban which matches SSL client certificate fingerprints. +# SSL mode module: Adds support for TLS (SSL)-only channels via the '+z' +# channel mode, TLS (SSL)-only private messages via the '+z' user mode and +# the 'z:' extban which matches TLS (SSL) client certificate fingerprints. # -# Does not do anything useful without a working SSL module and the +# Does not do anything useful without a working TLS (SSL) module and the # sslinfo module (see below). # # @@ -2125,15 +2125,15 @@ # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# SSL rehash signal module: Allows the SSL modules to be rehashed by +# SSL rehash signal module: Allows the TLS (SSL) modules to be rehashed by # sending SIGUSR1 to a running InspIRCd process. -# This modules is in extras. Re-run configure with: +# This module is in extras. Re-run configure with: # ./configure --enable-extras sslrehashsignal # and run make install, then uncomment this module to enable it. # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# GnuTLS SSL module: Adds support for SSL/TLS connections using GnuTLS, +# GnuTLS SSL module: Adds support for TLS (SSL) connections using GnuTLS, # if enabled. You must answer 'yes' in ./configure when asked or # manually symlink the source for this module from the directory # src/modules/extra, if you want to enable this, or it will not load. @@ -2146,26 +2146,26 @@ #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # SSL info module: Allows users to retrieve information about other -# users' peer SSL certificates and keys via the SSLINFO command. +# users' peer TLS (SSL) certificates and keys via the SSLINFO command. # This can be used by client scripts to validate users. For this to # work, one of ssl_gnutls, ssl_mbedtls or ssl_openssl must be loaded. # This module also adds the " is using a secure connection" -# and " has client certificate fingerprint " -# WHOIS lines, the ability for opers to use SSL cert fingerprints to -# verify their identity and the ability to force opers to use SSL +# and " has TLS (SSL) client certificate fingerprint " +# WHOIS lines, the ability for opers to use TLS (SSL) cert fingerprints to +# verify their identity and the ability to force opers to use TLS (SSL) # connections in order to oper up. It is highly recommended to load -# this module if you use SSL on your network. +# this module if you use TLS (SSL) on your network. # For how to use the oper features, please see the first # example tag in opers.conf.example. # # # -# If you want to prevent users from viewing SSL certificate information +# If you want to prevent users from viewing TLS (SSL) certificate information # and fingerprints of other users, set operonly to yes. # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# mbedTLS SSL module: Adds support for SSL/TLS connections using mbedTLS. +# mbedTLS TLS (SSL) module: Adds support for TLS (SSL) connections using mbedTLS. # # #-#-#-#-#-#-#-#-#-#-#- MBEDTLS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-# @@ -2174,7 +2174,7 @@ # https://docs.inspircd.org/3/modules/ssl_mbedtls # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# OpenSSL SSL module: Adds support for SSL/TLS connections using OpenSSL, +# OpenSSL TLS (SSL) module: Adds support for TLS (SSL) connections using OpenSSL, # if enabled. You must answer 'yes' in ./configure when asked or symlink # the source for this module from the directory src/modules/extra, if # you want to enable this, or it will not load. @@ -2246,8 +2246,9 @@ #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # StartTLS module: Implements STARTTLS, which allows clients # -# connected to non SSL enabled ports to enable SSL, if a proper SSL # -# module is loaded (either ssl_gnutls, ssl_mbedtls or ssl_openssl). # +# connected to non TLS (SSL) enabled ports to enable TLS (SSL), if # +# a proper TLS (SSL) module is loaded (either ssl_gnutls, # +# ssl_mbedtls or ssl_openssl). # # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# @@ -2330,7 +2331,7 @@ #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # WebSocket module: Adds HTML5 WebSocket support. # Specify hook="websocket" in a tag to make that port accept -# WebSocket connections. Compatible with SSL/TLS. +# WebSocket connections. Compatible with TLS (SSL). # Requires SHA-1 hash support available in the sha1 module. # # diff --git a/docs/conf/opers.conf.example b/docs/conf/opers.conf.example index dfde001b5..2c5da870a 100644 --- a/docs/conf/opers.conf.example +++ b/docs/conf/opers.conf.example @@ -116,18 +116,18 @@ # a key fingerprint here. This can be obtained by using the /SSLINFO # command while the module is loaded, and is also noticed on connect. # This enhances security by verifying that the person opering up has - # a matching SSL client certificate, which is very difficult to + # a matching TLS (SSL) client certificate, which is very difficult to # forge (impossible unless preimage attacks on the hash exist). # If the sslinfo module isn't loaded, this option will be ignored. #fingerprint="67cb9dc013248a829bb2171ed11becd4" - # autologin: If an SSL certificate fingerprint for this oper is specified, + # autologin: If a TLS (SSL) client certificate fingerprint for this oper is specified, # you can have the oper block automatically log in. This moves all security - # of the oper block to the protection of the client certificate, so be sure + # of the oper block to the protection of the TLS (SSL) client certificate, so be sure # that the private key is well-protected! Requires the sslinfo module. - #autologin="on" + #autologin="yes" - # sslonly: If on, this oper can only oper up if they're using an SSL connection. + # sslonly: If enabled, this oper can only oper up if they're using a TLS (SSL) connection. # Setting this option adds a decent bit of security. Highly recommended # if the oper is on wifi, or specifically, unsecured wifi. Note that it # is redundant to specify this option if you specify a fingerprint. -- cgit v1.2.3