Clarify that TLS cipher suites are for TLS 1.2

c66023c7d7
This commit is contained in:
quindecim 2023-04-19 00:47:12 +02:00
parent 0a556a077e
commit a682126617
1 changed files with 2 additions and 4 deletions

View File

@ -207,20 +207,18 @@ dnscrypt_ephemeral_keys = true
# tls_disable_session_tickets = false # tls_disable_session_tickets = false
## DoH: Use a specific cipher suite instead of the server preference ## DoH: Use TLS 1.2 and specific cipher suite instead of the server preference
## 49199 = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ## 49199 = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
## 49195 = TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ## 49195 = TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
## 52392 = TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 ## 52392 = TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
## 52393 = TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 ## 52393 = TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
## 4865 = TLS_AES_128_GCM_SHA256
## 4867 = TLS_CHACHA20_POLY1305_SHA256
## ##
## On non-Intel CPUs such as MIPS routers and ARM systems (Android, Raspberry Pi...), ## On non-Intel CPUs such as MIPS routers and ARM systems (Android, Raspberry Pi...),
## the following suite improves performance. ## the following suite improves performance.
## This may also help on Intel CPUs running 32-bit operating systems. ## This may also help on Intel CPUs running 32-bit operating systems.
## ##
## Keep tls_cipher_suite empty if you have issues fetching sources or ## Keep tls_cipher_suite empty if you have issues fetching sources or
## connecting to some DoH servers. Google and Cloudflare are fine with it. ## connecting to some DoH servers.
# tls_cipher_suite = [52392, 49199] # tls_cipher_suite = [52392, 49199]