Re: [ngIRCd-ML] ngIRCd-ML Digest, Vol 95, Issue 1
On 09/02/2013 05:00 AM, ngircd-ml-request@arthur.barton.de wrote:
I am using OpenSSL (1.*) with Ngircd to enforce SSL connections. Is there a possibility that I can enforce certain ciphers or disable certain weak ciphers?
Perhaps use the 'stunnel' method for serving ngircd over SSL and disable weak ciphers through stunnel's configuration, see http://ngircd.barton.de/doc/SSL.txt options = NO_SSLv2 ciphers = ALL:-ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP If you're using RHEL-derived distribution, perhaps enable FIPS mode to disable weak ciphers system-wide see section 7.2.1 in the below URL: https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/... Cheers, Nathan
Hi Nathan I rather want to keep stunnel work arounds out of the options.. It would be a nice feature to add to the new ngircd release ;) Regards Michiel Op 2 sep. 2013 om 16:54 heeft "lists@packetmail.net" <lists@packetmail.net> het volgende geschreven:
On 09/02/2013 05:00 AM, ngircd-ml-request@arthur.barton.de wrote:
I am using OpenSSL (1.*) with Ngircd to enforce SSL connections. Is there a possibility that I can enforce certain ciphers or disable certain weak ciphers?
Perhaps use the 'stunnel' method for serving ngircd over SSL and disable weak ciphers through stunnel's configuration, see http://ngircd.barton.de/doc/SSL.txt
options = NO_SSLv2 ciphers = ALL:-ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
If you're using RHEL-derived distribution, perhaps enable FIPS mode to disable weak ciphers system-wide see section 7.2.1 in the below URL:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/...
Cheers, Nathan
_______________________________________________
ngIRCd Mailing List: ngIRCd-ML@arthur.barton.de http://arthur.barton.de/mailman/listinfo/ngircd-ml
Teilnehmer (2)
-
lists@packetmail.net -
Michiel van Es