mention ciphers settings in documentation, minor sync of missing config settings

Signed-off-by: Abilio Marques <abiliojr@gmail.com>

man/mosquitto.conf.5.xml

@@ -2006,6 +2006,24 @@ topic clients/total in 0 test/mosquitto/org/ $SYS/broker/
 					<para>Defaults to <replaceable>true</replaceable>.</para>
 				</listitem>
 			</varlistentry>
+			<varlistentry>
+				<term><option>bridge_reload_type</option> [ lazy | immediate ]</term>
+				<listitem>
+					<para>If you change bridge options in the configuration file,
+					those configuration changes are applied during a bridge
+					reconnection. The <option>bridge_reload_type</option> option
+					determines when that reconnection happens, and can be set to either
+					<replaceable>lazy</replaceable> or <replaceable>immediate</replaceable>.</para>
+
+					<para><replaceable>lazy</replaceable> is the default, and means
+					that any connected bridge will remain in its current state until
+					a natural reconnection happens, at which point the new configuration
+					will be used.</para>
+
+					<para><replaceable>immediate</replaceable> forces a reconnection and so
+					uses the new configuration straight away.</para>
+				</listitem>
+			</varlistentry>
 		</variablelist>
 		<refsect2>
 			<title>SSL/TLS Support</title>
@@ -2107,24 +2125,6 @@ topic clients/total in 0 test/mosquitto/org/ $SYS/broker/
 							can be used on one bridge at once.</para>
 					</listitem>
 				</varlistentry>
-				<varlistentry>
-					<term><option>bridge_reload_type</option> [ lazy | immediate ]</term>
-					<listitem>
-						<para>If you change bridge options in the configuration file,
-						those configuration changes are applied during a bridge
-						reconnection. The <option>bridge_reload_type</option> option
-						determines when that reconnection happens, and can be set to either
-						<replaceable>lazy</replaceable> or <replaceable>immediate</replaceable>.</para>
-
-						<para><replaceable>lazy</replaceable> is the default, and means
-						that any connected bridge will remain in its current state until
-						a natural reconnection happens, at which point the new configuration
-						will be used.</para>
-
-						<para><replaceable>immediate</replaceable> forces a reconnection and so
-						uses the new configuration straight away.</para>
-					</listitem>
-				</varlistentry>
 				<varlistentry>
 					<term><option>bridge_require_ocsp</option> [ true | false ]</term>
 					<listitem>
@@ -2145,6 +2145,27 @@ topic clients/total in 0 test/mosquitto/org/ $SYS/broker/
 							connection to succeed.</para>
 					</listitem>
 				</varlistentry>
+				<varlistentry>
+					<term><option>bridge_ciphers</option> <replaceable>cipher:list</replaceable></term>
+					<listitem>
+						<para>
+							The list of allowed ciphers for this bridge, for
+							TLS v1.2 and earlier only, each separated with
+							a colon. Available ciphers can be obtained using
+							the "openssl ciphers" command.
+						</para>
+					</listitem>
+				</varlistentry>
+				<varlistentry>
+					<term><option>bridge_ciphers_tls1.3</option> <replaceable>cipher:list</replaceable></term>
+					<listitem>
+						<para>
+							The list of allowed ciphersuites for this bridge,
+							for TLS v1.3, each separated with a colon.
+						</para>
+					</listitem>
+				</varlistentry>
+				<varlistentry>
 			</variablelist>
 		</refsect2>
 	</refsect1>

mosquitto.conf

@@ -300,6 +300,10 @@
 # Path to the PEM encoded keyfile.
 #keyfile
 
+# Configure the minimum version of the TLS protocol to be used for this listener.
+# Possible values are tlsv1.3, tlsv1.2 and tlsv1.1.
+#tls_version tlsv1.2
+
 # If you wish to control which encryption ciphers are used, use the ciphers
 # option. The list of available ciphers can be optained using the "openssl
 # ciphers" command and should be provided in the same format as the output of
@@ -878,6 +882,9 @@
 # requested. Note that WebSockets support for bridges is not yet available.
 #bridge_alpn
 
+# Require the use of Online Certificate Status Protocol (OCSP) for this bridge
+#bridge_require_ocsp false
+
 # When using certificate based encryption, bridge_insecure disables
 # verification of the server hostname in the server certificate. This can be
 # useful when testing initial server configurations, but makes it possible for
@@ -893,6 +900,22 @@
 # Path to the PEM encoded client private key, if required by the remote broker.
 #bridge_keyfile
 
+# Configure the version of the TLS protocol to be used for this bridge.
+# Possible values are tlsv1.3, tlsv1.2 and tlsv1.1. Defaults to tlsv1.2.
+# The remote broker must support the same version of TLS for the connection to succeed.
+#bridge_tls_version
+
+# If you wish to control which encryption ciphers are used, use the ciphers
+# option. The list of available ciphers can be optained using the "openssl
+# ciphers" command and should be provided in the same format as the output of
+# that command. This applies to TLS 1.2 and earlier versions only. Use
+# bridge_ciphers_tls1.3 for TLS v1.3.
+#bridge_ciphers
+
+# Choose which TLS v1.3 ciphersuites are used for this bridge.
+# Defaults to "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256"
+#bridge_ciphers_tls1.3
+
 # -----------------------------------------------------------------
 # PSK based SSL/TLS support
 # -----------------------------------------------------------------