diff --git a/include/config.h b/include/config.h index 240ac0800..743dff156 100644 --- a/include/config.h +++ b/include/config.h @@ -437,7 +437,7 @@ /* Default SSL/TLS cipherlist. * This can be changed via set::ssl::options::ciphers in the config file. */ -#define UNREALIRCD_DEFAULT_CIPHERS "EECDH+CHACHA20 EECDH+AESGCM EECDH+AES AES128-GCM-SHA256 AES256-GCM-SHA384 AES128-SHA256 AES256-SHA256 AES128-SHA AES256-SHA" +#define UNREALIRCD_DEFAULT_CIPHERS "TLS13-CHACHA20-POLY1305-SHA256 TLS13-AES-128-GCM-SHA256 TLS13-AES-256-GCM-SHA384 EECDH+CHACHA20 EECDH+AESGCM EECDH+AES AES128-GCM-SHA256 AES256-GCM-SHA384 AES128-SHA256 AES256-SHA256 AES128-SHA AES256-SHA" /* ------------------------- END CONFIGURATION SECTION -------------------- */ #define MOTD MPATH diff --git a/src/s_conf.c b/src/s_conf.c index 204f45edd..bc179c237 100644 --- a/src/s_conf.c +++ b/src/s_conf.c @@ -7182,9 +7182,17 @@ void test_sslblock(ConfigFile *conf, ConfigEntry *cep, int *totalerrors) else if (!stricmp(name, "TLSv1.3")) option = SSL_PROTOCOL_TLSV1_3; else + { +#ifdef SSL_OP_NO_TLSv1_3 + config_warn("%s:%i: %s: unknown protocol '%s'. " + "Valid protocols are: TLSv1,TLSv1.1,TLSv1.2,TLSv1.3", + cepp->ce_fileptr->cf_filename, cepp->ce_varlinenum, config_var(cepp), name); +#else config_warn("%s:%i: %s: unknown protocol '%s'. " "Valid protocols are: TLSv1,TLSv1.1,TLSv1.2", cepp->ce_fileptr->cf_filename, cepp->ce_varlinenum, config_var(cepp), name); +#endif + } if (option) {