DragonIRC Network will be undergoing an IRCD upgrade from v4.0.12 to v4.0.14 (Latest IRCD)
Due to be upgraded on all DragonIRC Network Servers Between October 21st to November 4th (After official Backup and Testing) before implementing a live go ahead.
Notable changes are:
This consists of several SSL/TLS related improvements.
New set::plaintext-policy configuration settings. This defines what happens to users/ircops/servers that are not using SSL/TLS.
Major issues fixed
Minor issues fixed
If you had a link block named irc1.example.net and did an outgoing connect to that server, then the server could introduce himself under a different name, such as irc1.other.net. Not a security issue since all authentication has to be passed, but this could cause confusing autoconnect attempts.
password::sslclientcert did not accept relative paths
Compile problem with LibreSSL (regarding SSL_CTX_get0_param)
set::modes-on-connect: was refusing certain (old) modes like +N
The ssl options 'verify-certificate' and 'no-self-signed' have been removed. Use link::verify-certificate instead. It makes no sense to verify certificates or prevent self signed certificates elsewhere such as in vhost or oper, since there is no hostname to match against.
Weak cipher suites such as 3DES and RC4 are disabled by default but previously you could still enable them through set::ssl::ciphers. Now you can no longer, since there is no legitimate reason to do so.
Update cipher suite to work with TLS 1.3. This ensures you can use TLS 1.3 in UnrealIRCd 4.0.14+ when OpenSSL supports it (in the future).
Bump MODDATA_MAX_CLIENT from 8 to 12: needed if you have a lot of 3rd party modules loaded. Also moved MODDATA_MAX_* to include/config.h
Also Different levels will be shown
Level 0 One or more servers linked insecurely (not using SSL/TLS)
Level 1 Servers are linked with SSL/TLS but at least one of them is not verifying certificates
Level 2 Servers linked with SSL/TLS and certificates are properly verified
We believe in making DragonIRC Network secured as possible by upgrading IRCD to the latest version and keeping our users safe as possible
1 post • Page 1 of 1