From fac07b2e5a11d12be87ed07055b4944ce01fad09 Mon Sep 17 00:00:00 2001
From: Mikaela Suomalainen <mikaela.suomalainen@outlook.com>
Date: Sat, 20 Dec 2014 12:44:18 +0200
Subject: [PATCH] sasl.cpp: don't advertise DH-* as secure

They were removed from Atheme, because people thought them to be more
secure than PLAIN + SSL, so ZNC shouldn't advertise them as secure.

I think that DH-AES and DH-BLOWFISH should say something about not being
widely supported, but I am not sure what. Newer Atheme doesn't support
it and with Anope they are optional unlike PLAIN and EXTERNAL that are
in their SASL core.
---
 modules/sasl.cpp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/modules/sasl.cpp b/modules/sasl.cpp
index bc1a7966..ef6763b2 100644
--- a/modules/sasl.cpp
+++ b/modules/sasl.cpp
@@ -28,10 +28,10 @@ static const struct {
 } SupportedMechanisms[] = {
 	{ "EXTERNAL",           "TLS certificate, for use with the *cert module", false },
 #ifdef HAVE_SASL_MECHANISM
-	{ "DH-BLOWFISH",        "Secure negotiation using the DH-BLOWFISH mechanism", false },
-	{ "DH-AES",		"More secure negotiation using the DH-AES mechanism", false },
+	{ "DH-BLOWFISH",        "Negotiation using the DH-BLOWFISH mechanism", false },
+	{ "DH-AES",		"Negotiation using the DH-AES mechanism", false },
 #endif
-	{ "PLAIN",              "Plain text negotiation", true },
+	{ "PLAIN",              "Plain text negotiation, this should work always if the network supports SASL", true },
 	{ NULL, NULL, false }
 };