mirror of
https://github.com/unrealircd/unrealircd.git
synced 2026-07-03 07:13:13 +02:00
Update default ciphers, or actually only the ones not providing PFS, by
preferring AES-256 over AES-128 (in contrast to the Mozilla "intermediate" profile which prefers AES-128). Again, this only affects non-PFS cases, as all modern clients with PFS already had CHACHA20 and AES-256 negotiated. The portion of non-PFS clients should only be few percent, if any. I was actually considering removing non-PFS ciphersuites but it seems a bit early to do so, at least not without more research on affected clients.
This commit is contained in:
+1
-1
@@ -316,7 +316,7 @@
|
||||
/* Default SSL/TLS cipherlist (except for TLS1.3, see further down).
|
||||
* This can be changed via set::ssl::options::ciphers in the config file.
|
||||
*/
|
||||
#define UNREALIRCD_DEFAULT_CIPHERS "TLS13-CHACHA20-POLY1305-SHA256 TLS13-AES-128-GCM-SHA256 TLS13-AES-256-GCM-SHA384 EECDH+CHACHA20 EECDH+AESGCM EECDH+AES AES128-GCM-SHA256 AES256-GCM-SHA384 AES128-SHA256 AES256-SHA256 AES128-SHA AES256-SHA"
|
||||
#define UNREALIRCD_DEFAULT_CIPHERS "TLS13-CHACHA20-POLY1305-SHA256 TLS13-AES-256-GCM-SHA384 TLS13-AES-128-GCM-SHA256 EECDH+CHACHA20 EECDH+AESGCM EECDH+AES AES256-GCM-SHA384 AES128-GCM-SHA256 AES256-SHA256 AES128-SHA256 AES256-SHA AES128-SHA"
|
||||
|
||||
/* Default TLS 1.3 ciphersuites.
|
||||
* This can be changed via set::ssl::options::ciphersuites in the config file.
|
||||
|
||||
Reference in New Issue
Block a user