On Mon, Feb 28, 2011 at 1:24 PM, Darren Spruell phatbuckett@gmail.com wrote:
> I have a use case for an ircd that provides SSL/TLS only service. ngIRCd looks like it will support both SSL and non-SSL encrypted services through the use of 'Ports' and 'SSLPorts' configuration options.
> I can use iptables to block connections to the vanilla IRC service port but it seems an option to force SSL/TLS only (or disable non-SSL service) would be more elegant.
> Has this scenario been discussed before? Shall I add a bugtraq entry for a feature request to support this capability?
Actually I just ran the server under my desired configuration and noticed that it seems to behave as I wanted, although seemingly different than the documented behavior.
Configuration file:
    # Ports on which the server should listen. There may be more than
    # one port, separated with ",". (Default: 6667)
    ;Ports = 6667, 6668, 6669

    # Additional Listen Ports that expect SSL/TLS encrypted connections
    SSLPorts = 6697
ngircd --configtest:
    [GLOBAL]
    [...]
    Listen = ::,0.0.0.0
    Ports =
    SSLPorts = 6697
When I start the server it binds an SSL listener on 6697/tcp and does _not_ bind a listener for the plain irc service port on 6667. I assumed that the behavior of commenting out 'Ports' would cause the server to bind to 6667 by default. This must be related to this configuration from ngircd.conf(5):
    Ports
        Ports on which the server should listen. There may be more than one port, separated with commas (","). Default: 6667, unless SSL_Ports are also specified.
In any case, this is the precise behavior I was looking for. Sorry for the noise.
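The behaviour described in this message can be checked before a server is started. The following is an added example, not part of the original message and not ngIRCd code: it reads an ngircd.conf and reports which plaintext and SSL ports would be bound, applying the documented default rule quoted above. It assumes the 'Ports' and 'SSLPorts' options in the [Global] section as shown in the message, and treats an empty 'Ports =' the same as an unset one; the function names and sample config are constructed for illustration.

```python
# Added example: audit an ngircd.conf for plaintext listeners.
# Assumes the option names shown in the message (Ports, SSLPorts in [Global]).

# Constructed sample mirroring the configuration quoted in the message.
SAMPLE_SSL_ONLY = """\
[Global]
# Ports on which the server should listen.
;Ports = 6667, 6668, 6669
SSLPorts = 6697
"""

def _global_options(text):
    """Return active (uncommented) key/value pairs from the [Global] section."""
    opts, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank or commented out
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "global" and "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip().lower()] = value.strip()
    return opts

def _ports(value):
    """Parse a comma-separated port list; empty entries are ignored."""
    return [int(p) for p in value.split(",") if p.strip()]

def effective_listeners(text):
    """Return (plaintext_ports, ssl_ports) the server would bind."""
    opts = _global_options(text)
    ssl = _ports(opts.get("sslports", ""))
    plain = _ports(opts.get("ports", ""))
    # Documented rule: Ports defaults to 6667 unless SSL ports are specified.
    if not plain and not ssl:
        plain = [6667]
    return plain, ssl

def is_tls_only(text):
    """True when at least one SSL port is set and no plaintext port is bound."""
    plain, ssl = effective_listeners(text)
    return not plain and bool(ssl)

if __name__ == "__main__":
    print(effective_listeners(SAMPLE_SSL_ONLY), is_tls_only(SAMPLE_SSL_ONLY))
```

A result from this check describes the configuration file only; the sockets the running server actually holds open remain the authoritative answer.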