Forcing SSL only listeners
I have a use case for an ircd that provides SSL/TLS only service. ngIRCd looks like it will support both SSL and non-SSL encrypted services through the use of 'Ports' and 'SSLPorts' configuration options.

I can use iptables to block connections to the vanilla IRC service port but it seems an option to force SSL/TLS only (or disable non-SSL service) would be more elegant.

Has this scenario been discussed before? Shall I add a bugtraq entry for a feature request to support this capability?

Thx,

--
Darren Spruell
phatbuckett@gmail.com

On Mon, Feb 28, 2011 at 1:24 PM, Darren Spruell <phatbuckett@gmail.com> wrote:
> I have a use case for an ircd that provides SSL/TLS only service. ngIRCd looks like it will support both SSL and non-SSL encrypted services through the use of 'Ports' and 'SSLPorts' configuration options.
>
> I can use iptables to block connections to the vanilla IRC service port but it seems an option to force SSL/TLS only (or disable non-SSL service) would be more elegant.
>
> Has this scenario been discussed before? Shall I add a bugtraq entry for a feature request to support this capability?

Actually I just ran the server under my desired configuration and noticed that it seems to behave as I wanted, although seemingly different than the documented behavior.

Configuration file:

    # Ports on which the server should listen. There may be more than
    # one port, separated with ",". (Default: 6667)
    ;Ports = 6667, 6668, 6669

    # Additional Listen Ports that expect SSL/TLS encrypted connections
    SSLPorts = 6697

ngircd --configtest:

    [GLOBAL]
    [...]
    Listen = ::,0.0.0.0
    Ports =
    SSLPorts = 6697

When I start the server it binds an SSL listener on 6697/tcp and does _not_ bind a listener for the plain irc service port on 6667. I assumed that the behavior of commenting out 'Ports' would cause the server to bind to 6667 by default. This must be related to this configuration from ngircd.conf(5):

    Ports
        Ports on which the server should listen. There may be more than
        one port, separated with commas (","). Default: 6667, unless
        SSL_Ports are also specified.

In any case, this is the precise behavior I was looking for. Sorry for the noise.

--
Darren Spruell
phatbuckett@gmail.com
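
The behaviour confirmed in the message above (no plaintext listener when 'Ports' is unset and 'SSLPorts' is set), as an added example that is not part of the original thread or ngIRCd's own code: a Python check that computes the effective listeners from a configuration and reports whether it is TLS-only. It assumes only the 'Ports'/'SSLPorts' syntax and the default rule quoted in the thread, and treats an empty 'Ports =' like an unset one; the function names and sample configurations are constructed for illustration.

```python
# Added example: compute the listeners an ngIRCd [GLOBAL] section yields.
# Assumption: only the 'Ports' / 'SSLPorts' syntax quoted in this thread.
DEFAULT_PLAIN_PORT = 6667  # default stated in the quoted ngircd.conf(5) text

def parse_ports(value):
    """Turn '6667, 6668' into [6667, 6668]; an empty value gives []."""
    return [int(p) for p in value.split(",") if p.strip()]

def effective_listeners(conf_text):
    """Return (plain_ports, tls_ports) for the [GLOBAL] section."""
    section, plain, tls = None, None, []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # '#' and ';' start comments
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().upper()
            continue
        if section != "GLOBAL" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() == "ports":
            plain = parse_ports(value)
        elif key.lower() == "sslports":
            tls = parse_ports(value)
    if not plain:
        # Quoted man page: default 6667 unless SSL ports are specified.
        # Assumption: an empty 'Ports =' is handled like an unset one.
        plain = [] if tls else [DEFAULT_PLAIN_PORT]
    return plain, tls

def is_tls_only(conf_text):
    """True when at least one TLS port and no plaintext port would be bound."""
    plain, tls = effective_listeners(conf_text)
    return bool(tls) and not plain

# Constructed sample inputs, modelled on the configuration in the message.
TLS_ONLY = """[Global]
;Ports = 6667, 6668, 6669
SSLPorts = 6697
"""
MIXED = """[Global]
Ports = 6667
SSLPorts = 6697
"""
NO_PORTS = "[Global]\nListen = ::,0.0.0.0\n"

if __name__ == "__main__":
    for name, conf in [("tls-only", TLS_ONLY), ("mixed", MIXED), ("none", NO_PORTS)]:
        print(name, effective_listeners(conf), "TLS only:", is_tls_only(conf))
```

A configuration check like this complements, but does not replace, confirming the bound sockets on the running host.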