From 87e4302707adc2c9c36d640a8f7571d5e6d0e987 Mon Sep 17 00:00:00 2001
From: Daniel Schneller
Date: Fri, 1 Sep 2017 19:29:57 +0200
Subject: [PATCH] DOC: Refer to Mozilla TLS info / config generator

As per a recent mailing list discussion, suggesting specific cipher settings is not too helpful, because they depend on a lot of factors, ranging from client capabilities, available TLS libraries, new security research, and others. To avoid the documentation from becoming stale -- and potentially wrong/dangerous, this commit adds links to Mozilla's well-renowned TLS blog, as well as to their configuration generator.

--- doc/configuration.txt | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/doc/configuration.txt b/doc/configuration.txt index 9f7f9ff3d..7c5c437ce 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -10292,6 +10292,10 @@ ciphers negotiated during the SSL/TLS handshake. The format of the string is defined in "man 1 ciphers" from OpenSSL man pages, and can be for instance a string such as "AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH" (without quotes). + Depending on the compatiblity and security requirements, the list of suitable + ciphers depends on a variety of variables. For background information and + recommendations see e. g. (https://wiki.mozilla.org/Security/Server_Side_TLS) + and (https://mozilla.github.io/server-side-tls/ssl-config-generator/). crl-file This setting is only available when support for OpenSSL was built in. It
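Review bot: The added paragraph sits directly under the unchanged example "AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH", which still reads as a suggested setting and still names RC4, so the new text should say that this string only illustrates the syntax and that actual values should be taken from the linked Mozilla pages. In the first added line "compatiblity" is misspelled, and "Depending on ... the list of suitable ciphers depends on a variety of variables" says the same thing twice; "The list of suitable ciphers depends on compatibility and security requirements." would be enough. "e. g." should be "e.g.", and the parentheses around the two URLs can be dropped.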