X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=config;h=6c1aa9d516868279922da2ebcc312f15cff1f2f5;hp=424ca3d75a450e499d001a3821552f78570c4527;hb=e52674334610f4c2a1eb22b095c126527705f314;hpb=87935cc1e0fd40ff5d42606a09956b576ee543b6

diff --git a/config b/config
index 424ca3d7..6c1aa9d5 100644
--- a/config
+++ b/config
@@ -1,6 +1,6 @@
-#        Sample Configuration File for Privoxy 3.0.29
+#        Sample Configuration File for Privoxy 3.0.30
 #
-# Copyright (C) 2001-2020 Privoxy Developers https://www.privoxy.org/
+# Copyright (C) 2001-2021 Privoxy Developers https://www.privoxy.org/
 #
 #####################################################################
 #                                                                   #
@@ -15,7 +15,7 @@
 #        4. ACCESS CONTROL AND SECURITY                             #
 #        5. FORWARDING                                              #
 #        6. MISCELLANEOUS                                           #
-#        7. TLS                                                     #
+#        7. HTTPS INSPECTION (EXPERIMENTAL)                         #
 #        8. WINDOWS GUI OPTIONS                                     #
 #                                                                   #
 #####################################################################
@@ -385,6 +385,7 @@ logdir .
 actionsfile match-all.action # Actions that are applied to all sites and maybe overruled later on.
 actionsfile default.action   # Main actions file
 actionsfile user.action      # User customizations
+#regression-tests.action     # Tests for privoxy-regression-test
 #
 #  2.6. filterfile
 #  ================
@@ -569,7 +570,7 @@ logfile logfile
 #
 #        debug     1 # Log the destination for each request. See also debug 1024.
 #        debug     2 # show each connection status
-#        debug     4 # show I/O status
+#        debug     4 # show tagging-related messages
 #        debug     8 # show header parsing
 #        debug    16 # log all data written to the network
 #        debug    32 # debug force feature
@@ -2216,7 +2217,7 @@ socket-timeout 300
 #
 #      Note that sorting headers in an uncommon way will make
 #      fingerprinting actually easier. Encrypted headers are not
-#      affected by this directive.
+#      affected by this directive unless https-inspection is enabled.
 #
 #client-header-order Host \
 #   User-Agent \
@@ -2227,12 +2228,15 @@ socket-timeout 300
 #   Referer \
 #   Cookie \
 #   DNT \
+#   Connection \
+#   Pragma \
+#   Upgrade-Insecure-Requests \
 #   If-Modified-Since \
 #   Cache-Control \
 #   Content-Length \
+#   Origin \
 #   Content-Type
 #
-#
 #  6.16. client-specific-tag
 #  ==========================
 #
@@ -2252,13 +2256,6 @@ socket-timeout 300
 #
 #  Notes:
 #
-#      +-----------------------------------------------------+
-#      |                       Warning                       |
-#      |-----------------------------------------------------|
-#      |This is an experimental feature. The syntax is likely|
-#      |to change in future versions.                        |
-#      +-----------------------------------------------------+
-#
 #      Client-specific tags allow Privoxy admins to create different
 #      profiles and let the users chose which one they want without
 #      impacting other users.
@@ -2287,7 +2284,7 @@ socket-timeout 300
 #      Clients can request tags to be set by using the CGI interface
 #      http://config.privoxy.org/client-tags. The specific tag
 #      description is only used on the web page and should be phrased
-#      in away that the user understand the effect of the tag.
+#      in away that the user understands the effect of the tag.
 #
 #  Examples:
 #
@@ -2295,6 +2292,11 @@ socket-timeout 300
 #          # that are enabled based on CLIENT-TAG patterns.
 #          client-specific-tag circumvent-blocks Overrule blocks but do not affect other actions
 #          client-specific-tag disable-content-filters Disable content-filters but do not affect other actions
+#          client-specific-tag overrule-redirects Overrule redirect sections
+#          client-specific-tag allow-cookies Do not crunch cookies in either direction
+#          client-specific-tag change-tor-socks-port Change forward-socks5 settings to use a different Tor socks port (and circuits)
+#          client-specific-tag no-https-inspection Disable HTTPS inspection
+#          client-specific-tag no-tls-verification Don't verify certificates when http-inspection is enabled
 #
 #
 #  6.17. client-tag-lifetime
@@ -2314,13 +2316,6 @@ socket-timeout 300
 #
 #  Notes:
 #
-#      +-----------------------------------------------------+
-#      |                       Warning                       |
-#      |-----------------------------------------------------|
-#      |This is an experimental feature. The syntax is likely|
-#      |to change in future versions.                        |
-#      +-----------------------------------------------------+
-#
 #      In case of some tags users may not want to enable them
 #      permanently, but only for a short amount of time, for example
 #      to circumvent a block that is the result of an overly-broad
@@ -2356,13 +2351,6 @@ socket-timeout 300
 #
 #  Notes:
 #
-#      +-----------------------------------------------------+
-#      |                       Warning                       |
-#      |-----------------------------------------------------|
-#      |This is an experimental feature. The syntax is likely|
-#      |to change in future versions.                        |
-#      +-----------------------------------------------------+
-#
 #      If clients reach Privoxy through another proxy, for example a
 #      load balancer, Privoxy can't tell the client's IP address from
 #      the connection. If multiple clients use the same proxy, they
@@ -2439,8 +2427,14 @@ socket-timeout 300
 #            receive-buffer-size 32768
 #
 #
-#  7. TLS/SSL INSPECTION (EXPERIMENTAL)
-#  =====================================
+#  7. HTTPS INSPECTION (EXPERIMENTAL)
+#  ===================================
+#
+#  HTTPS inspection allows to filter encrypted requests and
+#  responses. This is only supported when Privoxy has been built with
+#  FEATURE_HTTPS_INSPECTION. If you aren't sure if your version
+#  supports it, have a look at http://config.privoxy.org/show-status.
+#
 #
 #  7.1. ca-directory
 #  ==================
@@ -2538,7 +2532,12 @@ socket-timeout 300
 #  Notes:
 #
 #      This directive specifies the name of the CA key file in ".pem"
-#      format. See the ca-cert-file for a command to generate it.
+#      format. The ca-cert-file section contains a command to
+#      generate it.
+#
+#      The CA key is used by Privoxy to sign generated certificates.
+#
+#      Access to the key should be limited to Privoxy.
 #
 #  Example:
 #
@@ -2723,7 +2722,7 @@ socket-timeout 300
 #          AES128-SHA
 #
 #
-#          # Use keywords instead of explicity naming the ciphers (Does not work with MbedTLS)
+#          # Use keywords instead of explicitly naming the ciphers (Does not work with MbedTLS)
 #          cipher-list ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
 #
 #
@@ -2752,8 +2751,9 @@ socket-timeout 300
 #      This directive specifies the trusted CAs file that is used
 #      when validating certificates for intercepted TLS/SSL requests.
 #
-#      An example file can be downloaded from https://curl.haxx.se/ca
-#      /cacert.pem.
+#      An example file can be downloaded from https://curl.se/ca/cacert.pem.
+#      If you want to create the file yourself, please
+#      see: https://curl.se/docs/caextract.html.
 #
 #  Example:
 #