From 9c4a097d900fb623abeb61d3a58cf58e9c5f383f Mon Sep 17 00:00:00 2001
From: Laurent Bercot <ska-skaware@skarnet.org>
Date: Mon, 20 Nov 2023 05:13:06 +0000
Subject:  Update documentation; make s6-tlsd-io more conservative by default

Signed-off-by: Laurent Bercot <ska@appnovation.com>
---
 doc/s6-tlsd-io.html | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

(limited to 'doc/s6-tlsd-io.html')

diff --git a/doc/s6-tlsd-io.html b/doc/s6-tlsd-io.html
index 55e293f..9d419fd 100644
--- a/doc/s6-tlsd-io.html
+++ b/doc/s6-tlsd-io.html
@@ -89,11 +89,8 @@ call. </li>
 </ul>
 
 <p>
- As a server, <tt>s6-tlsd-io</tt> can be conservative in its
-choice of protocols. It is currently not very conservative
-when using the BearSSL backend; it could become more so in
-the future, by defining a custom server profile that supports
-only TLS-1.2 but with several algorithms and cipher suites.
+ As a server, <tt>s6-tlsd-io</tt> is conservative in its choice of protocols.
+It only supports TLS versions 1.2 and higher as supported by the backend, to avoid downgrade attacks.
 </p>
 
 <h2> Environment variables </h2>
-- 
cgit v1.2.3