mirror of
https://github.com/unrealircd/unrealircd.git
synced 2026-07-04 00:23:14 +02:00
Require TLSv1.2 or later and require a modern cipher with forward secrecy.
This also fixes a bug with OpenSSL 3.x where, when the ircd was configured to still allow old TLSv1.0 / TLSv1.1, it would still only allow TLSv1.2+. But, as said, allowing TLSv1.0/TLSv1.1 is now no longer the default. See release notes for more information or the documentation at https://www.unrealircd.org/docs/TLS_Ciphers_and_protocols
This commit is contained in:
+1
-1
@@ -1733,7 +1733,7 @@ void config_setdefaultsettings(Configuration *i)
|
||||
safe_strdup(i->tls_options->trusted_ca_file, tmp);
|
||||
safe_strdup(i->tls_options->ciphers, UNREALIRCD_DEFAULT_CIPHERS);
|
||||
safe_strdup(i->tls_options->ciphersuites, UNREALIRCD_DEFAULT_CIPHERSUITES);
|
||||
i->tls_options->protocols = TLS_PROTOCOL_ALL;
|
||||
i->tls_options->protocols = TLS_PROTOCOL_TLSV1_2|TLS_PROTOCOL_TLSV1_3; /* TLSv1.2 & TLSv1.3 */
|
||||
#ifdef HAS_SSL_CTX_SET1_CURVES_LIST
|
||||
safe_strdup(i->tls_options->ecdh_curves, UNREALIRCD_DEFAULT_ECDH_CURVES);
|
||||
#endif
|
||||
|
||||
Reference in New Issue
Block a user