On Mon, Feb 28, 2011 at 1:24 PM, Darren Spruell phatbuckett@gmail.com wrote:

I have a use case for an ircd that provides SSL/TLS only service. ngIRCd looks like it will support both SSL and non-SSL encrypted services through the use of 'Ports' and 'SSLPorts' configuration options.

I can use iptables to block connections to the vanilla IRC service port but it seems an option to force SSL/TLS only (or disable non-SSL service) would be more elegant.

Has this scenario been discussed before? Shall I add a bugtraq entry for a feature request to support this capability?

Actually I just ran the server under my desired configuration and noticed that it seems to behave as I wanted, although seemingly different than the documented behavior.

Configuration file:

# Ports on which the server should listen. There may be more than # one port, separated with ",". (Default: 6667) ;Ports = 6667, 6668, 6669

# Additional Listen Ports that expect SSL/TLS encrypted connections SSLPorts = 6697

ngircd --configtest:

[GLOBAL] [...] Listen = ::,0.0.0.0 Ports = SSLPorts = 6697

When I start the server it binds an SSL listener on 6697/tcp and does _not_ bind a listener for the plain irc service port on 6667. I assumed that the behavior of commenting out 'Ports' would cause the server to bind to 6667 by default. This must be related to this configuration from ngircd.conf(5):

Ports Ports on which the server should listen. There may be more than one port, separated with commas (","). Default: 6667, unless SSL_Ports are also specified.

In any case, this is the precise behavior I was looking for. Sorry for the noise.