DOC: Refer to Mozilla TLS info / config generator As per a recent mailing list discussion, suggesting specific cipher settings is not too helpful, because they depend on a lot of factors, ranging from client capabilities, available TLS libraries, new security research, and others. To avoid the documentation from become stale -- and potentially wrong/dangerous, this commit adds links to Mozilla's well-reknowned TLS blog, as well as to their configuration generator.

commit: 87e4302707adc2c9c36d640a8f7571d5e6d0e987 [log] [tgz]
author: Daniel Schneller <ds@danielschneller.de> Fri Sep 01 19:29:57 2017 +0200
committer: Willy Tarreau <w@1wt.eu> Fri Sep 01 19:54:33 2017 +0200
tree: 74f64799fa4dcaa6d0b7b627246f62a4bdeae708
parent: d8703e8cd72ba2579fb41b9529243117a8c7bf55 [diff]
diff --git a/doc/configuration.txt b/doc/configuration.txt
index 9f7f9ff..7c5c437 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt

@@ -10292,6 +10292,10 @@
   negotiated during the SSL/TLS handshake. The format of the string is defined
   in "man 1 ciphers" from OpenSSL man pages, and can be for instance a string
   such as "AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH" (without quotes).
+  Depending on the compatiblity and security requirements, the list of suitable
+  ciphers depends on a variety of variables. For background information and
+  recommendations see e. g. (https://wiki.mozilla.org/Security/Server_Side_TLS)
+  and (https://mozilla.github.io/server-side-tls/ssl-config-generator/).
 
 crl-file <crlfile>
   This setting is only available when support for OpenSSL was built in. It
commit	87e4302707adc2c9c36d640a8f7571d5e6d0e987	[log] [tgz]
author	Daniel Schneller <ds@danielschneller.de>	Fri Sep 01 19:29:57 2017 +0200
committer	Willy Tarreau <w@1wt.eu>	Fri Sep 01 19:54:33 2017 +0200
tree	74f64799fa4dcaa6d0b7b627246f62a4bdeae708
parent	d8703e8cd72ba2579fb41b9529243117a8c7bf55 [diff]