From 4a51c367fa192adba69fac4bf0305ed38290ef19 Mon Sep 17 00:00:00 2001
From: Luke Bratch <luke@bratch.co.uk>
Date: Thu, 2 Apr 2026 21:09:01 +0200
Subject: Allow configuring the OpenSSL security level, see
 https://docs.openssl.org/master/man3/SSL_CTX_set_security_level/#default-callback-behaviour
 for further details.

---
 config.c | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'config.c')

diff --git a/config.c b/config.c
index 938b597..2a8db43 100644
--- a/config.c
+++ b/config.c
@@ -406,6 +406,11 @@ int createconfigfile(char *filename) {
   "# If clienttls = \"0\" then this need not be set\n"
   "#keyfile = \"/home/foo/.blabouncer/key.pem\"\n"
   "\n"
+  "# OpenSSL security level, from 0 to 5 at the time of writing, left at the OpenSSL default if undefined,\n"
+  "# see https://docs.openssl.org/master/man3/SSL_CTX_set_security_level/#default-callback-behaviour\n"
+  "# for further details\n"
+  "#sslseclevel = \"2\"\n"
+  "\n"
   "# Enable logging (\"1\" for yes or \"0\" for no)\n"
   "# Logs go to basedir/logs/ with one file per channel/nick\n"
   "logging = \"1\"\n"
-- 
cgit v1.3