From a6821266174250444d81dbbc5551df1fb68c7586 Mon Sep 17 00:00:00 2001
From: quindecim <49964366+quindecim@users.noreply.github.com>
Date: Wed, 19 Apr 2023 00:47:12 +0200
Subject: [PATCH] Clarify that TLS cipher suites are for TLS 1.2
https://github.com/DNSCrypt/dnscrypt-proxy/commit/c66023c7d78d088b264cd57bbd2be41dffc557c2
---
 config/dnscrypt-proxy.toml | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/config/dnscrypt-proxy.toml b/config/dnscrypt-proxy.toml
index fbf5280..205c28d 100644
--- a/config/dnscrypt-proxy.toml
+++ b/config/dnscrypt-proxy.toml
@@ -207,20 +207,18 @@ dnscrypt_ephemeral_keys = true
 # tls_disable_session_tickets = false
-## DoH: Use a specific cipher suite instead of the server preference
+## DoH: Use TLS 1.2 and specific cipher suite instead of the server preference
 ## 49199 = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
 ## 49195 = TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
 ## 52392 = TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
 ## 52393 = TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
-## 4865 = TLS_AES_128_GCM_SHA256
-## 4867 = TLS_CHACHA20_POLY1305_SHA256
 ##
 ## On non-Intel CPUs such as MIPS routers and ARM systems (Android, Raspberry Pi...),
 ## the following suite improves performance.
 ## This may also help on Intel CPUs running 32-bit operating systems.
 ##
 ## Keep tls_cipher_suite empty if you have issues fetching sources or
-## connecting to some DoH servers. Google and Cloudflare are fine with it.
+## connecting to some DoH servers.
 # tls_cipher_suite = [52392, 49199]
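Review bot: The reworded header says the option uses TLS 1.2, but it never states the trade-off: setting `tls_cipher_suite` appears to cap DoH connections at TLS 1.2, so TLS 1.3 is no longer negotiated. The performance paragraph a few lines below still recommends the setting on ARM and MIPS without mentioning this. I would add a line after the suite table such as `## Setting this option restricts DoH connections to TLS 1.2; leave it empty to allow TLS 1.3.`, to be confirmed against the proxy's TLS setup code, which is not part of this patch. The sample value `[52392, 49199]` lists only the two RSA suites from the table, so a server presenting an ECDSA certificate would presumably fail to connect. With the "Google and Cloudflare" sentence removed, the "Keep tls_cipher_suite empty" hint could name that case explicitly.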