Update documentation; make s6-tlsd-io more conservative by default

Signed-off-by: Laurent Bercot <ska@appnovation.com>
author: Laurent Bercot <ska-skaware@skarnet.org> 2023-11-20 05:13:06 +0000
committer: Laurent Bercot <ska@appnovation.com> 2023-11-20 05:13:06 +0000
commit: 9c4a097d900fb623abeb61d3a58cf58e9c5f383f (patch)
tree: e616efc1b33fcd984d1599b8b7f4473acc2ca779 /doc/s6-tlsd-io.html
parent: 60b4d9d032509de8395b5c8131c36327f020946f (diff)
download: s6-networking-9c4a097d900fb623abeb61d3a58cf58e9c5f383f.tar.xz
1 files changed, 2 insertions, 5 deletions
diff --git a/doc/s6-tlsd-io.html b/doc/s6-tlsd-io.html
index 55e293f..9d419fd 100644
--- a/doc/s6-tlsd-io.html
+++ b/doc/s6-tlsd-io.html
@@ -89,11 +89,8 @@ call. </li>
 </ul>
 
 <p>
- As a server, <tt>s6-tlsd-io</tt> can be conservative in its
-choice of protocols. It is currently not very conservative
-when using the BearSSL backend; it could become more so in
-the future, by defining a custom server profile that supports
-only TLS-1.2 but with several algorithms and cipher suites.
+ As a server, <tt>s6-tlsd-io</tt> is conservative in its choice of protocols.
+It only supports TLS versions 1.2 and higher as supported by the backend, to avoid downgrade attacks.
 </p>
 
 <h2> Environment variables </h2>
author	Laurent Bercot <ska-skaware@skarnet.org>	2023-11-20 05:13:06 +0000
committer	Laurent Bercot <ska@appnovation.com>	2023-11-20 05:13:06 +0000
commit	9c4a097d900fb623abeb61d3a58cf58e9c5f383f (patch)
tree	e616efc1b33fcd984d1599b8b7f4473acc2ca779 /doc/s6-tlsd-io.html
parent	60b4d9d032509de8395b5c8131c36327f020946f (diff)
download	s6-networking-9c4a097d900fb623abeb61d3a58cf58e9c5f383f.tar.xz