1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-03 15:13:13 +02:00

Require TLSv1.2 or later and require a modern cipher with forward secrecy.

This also fixes a bug with OpenSSL 3.x where, when the ircd was
configured to still allow old TLSv1.0 / TLSv1.1, it would still
only allow TLSv1.2+.

But, as said, allowing TLSv1.0/TLSv1.1 is now no longer the default.

See release notes for more information or the documentation at
https://www.unrealircd.org/docs/TLS_Ciphers_and_protocols
This commit is contained in:
Bram Matthys
2022-11-27 16:59:22 +01:00
parent cfea8b32f0
commit ee1f8d84a0
4 changed files with 15 additions and 3 deletions
+1 -1
View File
@@ -275,7 +275,7 @@
/* Default TLS cipherlist (except for TLS1.3, see further down).
* This can be changed via set::ssl::options::ciphers in the config file.
*/
#define UNREALIRCD_DEFAULT_CIPHERS "TLS13-CHACHA20-POLY1305-SHA256 TLS13-AES-256-GCM-SHA384 TLS13-AES-128-GCM-SHA256 EECDH+CHACHA20 EECDH+AESGCM EECDH+AES AES256-GCM-SHA384 AES128-GCM-SHA256 AES256-SHA256 AES128-SHA256 AES256-SHA AES128-SHA"
#define UNREALIRCD_DEFAULT_CIPHERS "EECDH+CHACHA20 EECDH+AESGCM EECDH+AES+SHA384 EECDH+AES+SHA256"
/* Default TLS 1.3 ciphersuites.
* This can be changed via set::ssl::options::ciphersuites in the config file.