Tip of the day: Almost every channel mode can be disabled. Don't like halfops? Use blacklist-module chanmodes/halfop;

TLS Ciphers and protocols

From UnrealIRCd documentation wiki
Jump to navigation Jump to search

You can configure the permitted SSL/TLS protocols and ciphers using set::tls::protocols, set::tls::ciphers and set::tls::options::ciphersuites. Or, if you want to override these global options, then you can use listen::tls-options or link::tls-options for listen- and link-specific configuration.

Default configuration[edit]

The default configuration in UnrealIRCd 6.0.5 looks like this:

set {
    protocols "TLSv1.2,TLSv1.3";
    ciphers "EECDH+CHACHA20 EECDH+AESGCM EECDH+AES+SHA384 EECDH+AES+SHA256";
    ciphersuites "TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_8_SHA256:TLS_AES_128_CCM_SHA256";
    ecdh-curves "secp521r1,secp384r1,prime256v1";
};

NOTE: There is no need to copy-paste this to your config file as this is already the default!

Result[edit]

With OpenSSL 3.0.7 this results in (output from cipherscan):

prio  ciphersuite                    protocols  pfs                 curves
1     ECDHE-ECDSA-AES256-GCM-SHA384  TLSv1.2    ECDH,P-521,521bits  secp521r1,secp384r1
2     ECDHE-ECDSA-AES128-GCM-SHA256  TLSv1.2    ECDH,P-521,521bits  secp521r1,secp384r1
3     ECDHE-ECDSA-AES256-SHA384      TLSv1.2    ECDH,P-521,521bits  secp521r1,secp384r1
4     ECDHE-ECDSA-AES128-SHA256      TLSv1.2    ECDH,P-521,521bits  secp521r1,secp384r1

NOTE 1: This seems to omit the ECDHE-ECDSA-CHACHA20-POLY1305 ciphers that are also supported.

NOTE 2: TLS 1.3 is also supported in UnrealIRCd. It is not listed in the above result simply because the cipherscan tool does not test for it at the moment[1].

Rationale[edit]

By default we:

  • Require protocol TLSv1.2 or higher
  • Only allows ciphers with Forward Secrecy
  • Use secure and randomly chosen ECDH curves

These minimum requirements can be met by these TLS client libraries:

  • OpenSSL 1.0.1 (released in 2012): for example first used in Fedora 18 (2013), Debian 7 (2013), Ubuntu 14.04 (2014)
  • GnuTLS 3.2.6 (2013): for example used in Ubuntu 16.0.4 (2016)
  • Android 4.4.2 (2013)

Previous less secure setting[edit]

The default settings as of UnrealIRCd 6.0.5+ work with these minimum versions of popular TLS client libraries: OpenSSL 1.0.1 (released in 2012), GnuTLS 3.2.6 (2013), Android 4.4.2 (2013).

If you need to permit clients that use an TLS library that is more than 10+ years old, then you have to downgrade the security a bit and revert to these old settings:

set {
    tls {
        protocols "All"; /* TLSv1.0 or later */
        ciphers "EECDH+CHACHA20 EECDH+AESGCM EECDH+AES AES256-GCM-SHA384 AES128-GCM-SHA256 AES256-SHA256 AES128-SHA256 AES256-SHA AES128-SHA";
    };
};

History[edit]

See also: Moving users to TLS

  • Prior to UnrealIRCd 4.0.7 if you did not have a cipher setting it was left up to your OS/Distro (and ultimately OpenSSL/LibreSSL build parameters) as to which algorithms were enabled. In practice this often meant ciphers such as RC4 and 3DES were enabled which is discouraged today.
  • In UnrealIRCd 4.0.14 the cipher list was updated to include TLSv1.3 ciphers. This means as soon as you upgrade your OpenSSL to a version which supports TLSv1.3, UnrealIRCd will be able to use it.
  • In UnrealIRCd 4.0.18 support was added of setting the ECDH(E) curves via the ecdh-curves option and a default was set. Previously this was left over to the SSL library with a fallback to P-256.
  • In UnrealIRCd 4.0.19 support for cipher setting for TLSv1.3 was changed to match OpenSSL specifics.
  • In UnrealIRCd 4.2.2 we reordered AES-128 and AES-256. In practice, most clients (by far) already negotiated either CHACHA20 or AES-256, but now in the remaining case (non-PFS) we prefer AES-256 as well.
  • In UnrealIRCd 5.0.0 there were no changes but we did change the default generated certificate from RSA-4096 to secp384r1
  • In UnrealIRCd 6.0.5 the requirements changed to TLSv1.2 or later and a cipher with Forward Secrecy (ECDHE). This was previously in a section called A more secure setting but is now the default. The old default is now documented under Previous less secure setting.