move ssl.disable-client-renegotiation and added note that it currently doesnt work inside conditionals

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2889 152afb58-edef-0310-8abb-c4023f1b3aa9

doc/config/lighttpd.conf

@@ -391,6 +391,14 @@ server.upload-dirs = ( "/var/tmp" )
 ## hosting with SSL. If you want to run multiple SSL servers with
 ## one lighttpd instance you must use IP-based virtual hosting: ::
 ##
+## Mitigate CVE-2009-3555 by disabling client triggered renegotation
+## This is enabled by default.
+##
+## IMPORTANT: this setting can only be used in the global scope.
+## It does *not* work inside conditionals
+##
+#   ssl.disable-client-renegotiation = "enable"
+##
 ##   $SERVER["socket"] == "10.0.0.1:443" {
 ##     ssl.engine                  = "enable"
 ##     ssl.pemfile                 = "/etc/ssl/private/www.example.com.pem"
@@ -408,11 +416,6 @@ server.upload-dirs = ( "/var/tmp" )
 ##     #
 ##     # ssl.honor-cipher-order = "enable"
 ##     #
-##     # Mitigate CVE-2009-3555 by disabling client triggered renegotation
-##     # This is enabled by default.
-##     #
-##     # ssl.disable-client-renegotiation = "enable"
-##     #
 ##     server.name                 = "www.example.com"
 ##
 ##     server.document-root        = "/srv/www/vhosts/example.com/www/"