From 96325f913deca16a5dd4b50997a4d0b1777aa370 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Helleu?= Date: Tue, 4 Nov 2014 20:55:01 +0100 Subject: [PATCH] irc: disable SSLv3 by default in server option "ssl_priorities" (closes #248) --- ChangeLog.asciidoc | 1 + doc/de/autogen/user/irc_options.asciidoc | 2 +- doc/en/autogen/user/irc_options.asciidoc | 2 +- doc/fr/autogen/user/irc_options.asciidoc | 2 +- doc/it/autogen/user/irc_options.asciidoc | 2 +- doc/ja/autogen/user/irc_options.asciidoc | 2 +- doc/pl/autogen/user/irc_options.asciidoc | 2 +- src/plugins/irc/irc-server.c | 2 +- 8 files changed, 8 insertions(+), 7 deletions(-) diff --git a/ChangeLog.asciidoc b/ChangeLog.asciidoc index a0f662f42..c59d75a1b 100644 --- a/ChangeLog.asciidoc +++ b/ChangeLog.asciidoc @@ -27,6 +27,7 @@ http://weechat.org/files/releasenotes/ReleaseNotes-devel.html[release notes] * api: add regex replace feature in function string_eval_expression * api: use microseconds instead of milliseconds in functions util_timeval_diff and util_timeval_add +* irc: disable SSLv3 by default in server option "ssl_priorities" (closes #248) * irc: add support of "extended-join" capability (closes #143, closes #212) * irc: automatically add current channel in command /samode (closes #241) * irc: display own nick changes in server buffer (closes #188) diff --git a/doc/de/autogen/user/irc_options.asciidoc b/doc/de/autogen/user/irc_options.asciidoc index dc52e1c39..8293be55f 100644 --- a/doc/de/autogen/user/irc_options.asciidoc +++ b/doc/de/autogen/user/irc_options.asciidoc @@ -596,7 +596,7 @@ * [[option_irc.server_default.ssl_priorities]] *irc.server_default.ssl_priorities* ** Beschreibung: `Zeichenkette mit Prioritäten für gnutls (für die korrekte Syntax siehe gnutls Dokumentation unter Funktion gnutls_priority_init. Gebräuchliche Zeichenketten sind: "PERFORMANCE", "NORMAL", "SECURE128", "SECURE256", "EXPORT", "NONE")` ** Typ: Zeichenkette -** Werte: beliebige Zeichenkette (Standardwert: `"NORMAL"`) +** Werte: beliebige Zeichenkette (Standardwert: `"NORMAL:-VERS-SSL3.0"`) * [[option_irc.server_default.ssl_verify]] *irc.server_default.ssl_verify* ** Beschreibung: `überprüft ob die SSL-Verbindung vertrauenswürdig ist` diff --git a/doc/en/autogen/user/irc_options.asciidoc b/doc/en/autogen/user/irc_options.asciidoc index 3dce49450..5db253cff 100644 --- a/doc/en/autogen/user/irc_options.asciidoc +++ b/doc/en/autogen/user/irc_options.asciidoc @@ -596,7 +596,7 @@ * [[option_irc.server_default.ssl_priorities]] *irc.server_default.ssl_priorities* ** description: `string with priorities for gnutls (for syntax, see documentation of function gnutls_priority_init in gnutls manual, common strings are: "PERFORMANCE", "NORMAL", "SECURE128", "SECURE256", "EXPORT", "NONE")` ** type: string -** values: any string (default value: `"NORMAL"`) +** values: any string (default value: `"NORMAL:-VERS-SSL3.0"`) * [[option_irc.server_default.ssl_verify]] *irc.server_default.ssl_verify* ** description: `check that the SSL connection is fully trusted` diff --git a/doc/fr/autogen/user/irc_options.asciidoc b/doc/fr/autogen/user/irc_options.asciidoc index 586c57c13..66a773c93 100644 --- a/doc/fr/autogen/user/irc_options.asciidoc +++ b/doc/fr/autogen/user/irc_options.asciidoc @@ -596,7 +596,7 @@ * [[option_irc.server_default.ssl_priorities]] *irc.server_default.ssl_priorities* ** description: `chaîne avec les priorités pour gnutls (pour la syntaxe, voir la documentation de la fonction gnutls_priority_init du manuel gnutls, les chaînes courantes sont : "PERFORMANCE", "NORMAL", "SECURE128", "SECURE256", "EXPORT", "NONE")` ** type: chaîne -** valeurs: toute chaîne (valeur par défaut: `"NORMAL"`) +** valeurs: toute chaîne (valeur par défaut: `"NORMAL:-VERS-SSL3.0"`) * [[option_irc.server_default.ssl_verify]] *irc.server_default.ssl_verify* ** description: `vérifier que la connexion SSL est entièrement de confiance` diff --git a/doc/it/autogen/user/irc_options.asciidoc b/doc/it/autogen/user/irc_options.asciidoc index a21cda8af..6667c34f9 100644 --- a/doc/it/autogen/user/irc_options.asciidoc +++ b/doc/it/autogen/user/irc_options.asciidoc @@ -596,7 +596,7 @@ * [[option_irc.server_default.ssl_priorities]] *irc.server_default.ssl_priorities* ** descrizione: `stringa con le priorità per gnutls (per la sintassi, consultare la documentazione per la funzione gnutls_priority_init nel manuale di gnutls, stringhe comuni sono: "PERFORMANCE", "NORMAL", "SECURE128", "SECURE256", "EXPORT", "NONE")` ** tipo: stringa -** valori: qualsiasi stringa (valore predefinito: `"NORMAL"`) +** valori: qualsiasi stringa (valore predefinito: `"NORMAL:-VERS-SSL3.0"`) * [[option_irc.server_default.ssl_verify]] *irc.server_default.ssl_verify* ** descrizione: `verifica che la connessione SSL sia totalmente fidata` diff --git a/doc/ja/autogen/user/irc_options.asciidoc b/doc/ja/autogen/user/irc_options.asciidoc index 7b468910c..b29b62026 100644 --- a/doc/ja/autogen/user/irc_options.asciidoc +++ b/doc/ja/autogen/user/irc_options.asciidoc @@ -596,7 +596,7 @@ * [[option_irc.server_default.ssl_priorities]] *irc.server_default.ssl_priorities* ** 説明: `gnutls の優先度を示した文字列 (構文は、gnutls マニュアルの gnutls_priority_init 関数のドキュメントを参照、通例: "PERFORMANCE", "NORMAL", "SECURE128", "SECURE256", "EXPORT", "NONE")` ** タイプ: 文字列 -** 値: 未制約文字列 (デフォルト値: `"NORMAL"`) +** 値: 未制約文字列 (デフォルト値: `"NORMAL:-VERS-SSL3.0"`) * [[option_irc.server_default.ssl_verify]] *irc.server_default.ssl_verify* ** 説明: `SSL 接続が完全に信頼できることを確認` diff --git a/doc/pl/autogen/user/irc_options.asciidoc b/doc/pl/autogen/user/irc_options.asciidoc index ae873a00d..668989a42 100644 --- a/doc/pl/autogen/user/irc_options.asciidoc +++ b/doc/pl/autogen/user/irc_options.asciidoc @@ -596,7 +596,7 @@ * [[option_irc.server_default.ssl_priorities]] *irc.server_default.ssl_priorities* ** opis: `ciąg z priorytetami dla gnutls (składnię można znaleźć w dokumentacji gnutls dla funkcji gnutls_priority_init, często używane ciągi to: "PERFORMANCE", "NORMAL", "SECURE128", "SECURE256", "EXPORT", "NONE")` ** typ: ciąg -** wartości: dowolny ciąg (domyślna wartość: `"NORMAL"`) +** wartości: dowolny ciąg (domyślna wartość: `"NORMAL:-VERS-SSL3.0"`) * [[option_irc.server_default.ssl_verify]] *irc.server_default.ssl_verify* ** opis: `sprawdź czy połączenie ssl jest w pełni zaufane` diff --git a/src/plugins/irc/irc-server.c b/src/plugins/irc/irc-server.c index 01b62a0ea..cf8cef15b 100644 --- a/src/plugins/irc/irc-server.c +++ b/src/plugins/irc/irc-server.c @@ -89,7 +89,7 @@ char *irc_server_option_string[IRC_SERVER_NUM_OPTIONS] = char *irc_server_option_default[IRC_SERVER_NUM_OPTIONS] = { "", "", "on", - "off", "", "NORMAL", "2048", "", + "off", "", "NORMAL:-VERS-SSL3.0", "2048", "", "on", "", "", "plain", "", "", "15",