Am 15.10.2014 um 17:47 schrieb Christoph Biedl ngircd.anoy@manchmal.in-ulm.de:
Besides the fact the counterpart for GnuTLS appears to be missing: I'd suggest to do a simple configuration change for the time being,
[…]
diff --git a/doc/sample-ngircd.conf.tmpl b/doc/sample-ngircd.conf.tmpl index 1d07822..b5db1d9 100644 --- a/doc/sample-ngircd.conf.tmpl +++ b/doc/sample-ngircd.conf.tmpl @@ -259,9 +259,9 @@ # See 'man 1ssl ciphers' (OpenSSL) or 'man 3 gnutls_priority_init' # (GnuTLS) for details. # For OpenSSL:
- ;CipherList = HIGH:!aNULL:@STRENGTH
- ;CipherList = HIGH:!aNULL:@STRENGTH:!SSLv3 # For GnuTLS:
- ;CipherList = SECURE128
;CipherList = SECURE128:-VERS-SSL3.0
# Diffie-Hellman parameters ;DHFile = :ETCDIR:/ssl/dhparams.pem
Please note that you have to REMOVE THE LEADING „;“ character to actually set the „CipherList“ variable! The above only changes the commented example values!
For OpenSSL:
—————> cut here <————— [SSL] CipherList = HIGH:!aNULL:@STRENGTH:!SSLv3 —————> cut here <—————
For GnuTLS:
—————> cut here <————— [SSL] CipherList = SECURE128:-VERS-SSL3.0 —————> cut here <—————
And don’t forget to 1. use „ngircd --configtest“ to make sure ngIRCd parses your configuration as expected and 2. restart ngIRCd (reloading/rehashing is not enough, at least with GnuTLS …)!
Thanks Alex