TLS Ciphers and protocols

You can configure the permitted SSL/TLS protocols and ciphers using set::ssl::protocols and set::ssl::ciphers. Or, if you want to override these global options, then you can use listen::ssl-options or link::ssl-options for listen- and link-specific configuration.

Default configuration
Below we describe the default configuration. If you want enhanced security (at the cost of client compatibility!) see.

Protocols
UnrealIRCd 4.0.x never permits SSLv2 and SSLv3 connections. The default setting for set::ssl::protocols allows TLSv1, TLSv1.1, TLSv1.2 and TLSv1.3 (when available).

Ciphers
The default setting for UnrealIRCd 4.0.7 - 4.0.13 for set::ssl::ciphers was: EECDH+CHACHA20 EECDH+AESGCM EECDH+AES AES128-GCM-SHA256 AES256-GCM-SHA384 AES128-SHA256 AES256-SHA256 AES128-SHA AES256-SHA

In 4.0.14 this was changed to include TLSv1.3 ciphers (no other changes): TLS13-CHACHA20-POLY1305-SHA256 TLS13-AES-128-GCM-SHA256 TLS13-AES-256-GCM-SHA384 EECDH+CHACHA20 EECDH+AESGCM EECDH+AES AES128-GCM-SHA256 AES256-GCM-SHA384 AES128-SHA256 AES256-SHA256 AES128-SHA AES256-SHA

Curves
Starting with UnrealIRCd 4.0.18, the ECDH(E) curves are set via set::ssl::ecdh-curves to: X25519 (if available), secp521r1, secp384r1 and prime256v1.

Rationale
The default configuration is based on the Mozilla SSL Configuration Generator ('Intermediate' compatibility) and two other major sources. The rationale behind this is as follows:
 * Maintain compatability with older clients out of the box (if you don't need this, then check out )
 * Prefer PFS
 * Prefer ChaCha20/Poly1305 over AES because it's resistant against timing attacks even in software implementations
 * Prefer Authenticated encryption such as GCM over CBC due to the various CBC attacks in the past and likely in the future.
 * As for the curves, we prefer X25519 because it is a fast and securely chosen curve from Bernstein, then secp521r1 (least suspicious NIST curve), and finally secp384r1 and prime256v1.

Result
With OpenSSL 1.0.2 this results in (output from cipherscan): prio ciphersuite                  protocols              pfs                 curves 1    ECDHE-RSA-AES256-GCM-SHA384  TLSv1.2                ECDH,P-521,521bits  secp521r1,secp384r1,prime256v1 2    ECDHE-RSA-AES128-GCM-SHA256  TLSv1.2                ECDH,P-521,521bits  secp521r1,secp384r1,prime256v1 3    ECDHE-RSA-AES256-SHA384      TLSv1.2                ECDH,P-521,521bits  secp521r1,secp384r1,prime256v1 4    ECDHE-RSA-AES128-SHA256      TLSv1.2                ECDH,P-521,521bits  secp521r1,secp384r1,prime256v1 5    ECDHE-RSA-AES256-SHA         TLSv1,TLSv1.1,TLSv1.2  ECDH,P-521,521bits  secp521r1,secp384r1,prime256v1 6    ECDHE-RSA-AES128-SHA         TLSv1,TLSv1.1,TLSv1.2  ECDH,P-521,521bits  secp521r1,secp384r1,prime256v1 7    AES128-GCM-SHA256            TLSv1.2                None                None 8    AES256-GCM-SHA384            TLSv1.2                None                None 9    AES128-SHA256                TLSv1.2                None                None 10   AES256-SHA256                TLSv1.2                None                None 11   AES128-SHA                   TLSv1,TLSv1.1,TLSv1.2  None                None 12   AES256-SHA                   TLSv1,TLSv1.1,TLSv1.2  None                None

As said, we need to provide compatibility out of the box so we still permit non-PFS ciphersuite selection, CBC mode and SHA1.

Over time the default ciphers, protocols and curves list in UnrealIRCd will be adjusted.

More secure setting
If you don't need compatibility with older clients/libraries then use a setting like this: set { ssl { protocols "All,-TLSv1,-TLSv1.1"; /* allow only TLSv1.2 and up */ ciphers "TLS13-CHACHA20-POLY1305-SHA256 TLS13-AES-128-GCM-SHA256 TLS13-AES-256-GCM-SHA384 EECDH+CHACHA20 EECDH+AESGCM EECDH+AES+SHA384 EECDH+AES+SHA256"; }; }; Unfortunately this will prevent some (rather old) clients from connecting. Also, UnrealIRCd 3.2.x servers would be unable to link to this 4.x.

History

 * Prior to UnrealIRCd 4.0.7 if you did not have a cipher setting it was left up to your OS/Distro (and ultimately OpenSSL/LibreSSL build parameters) as to which algorithms were enabled. In practice this often meant ciphers such as RC4 and 3DES were enabled which is discouraged today.
 * In UnrealIRCd 4.0.14 the cipher list was updated to include TLSv1.3 ciphers. This means as soon as you upgrade your OpenSSL to a version which supports TLSv1.3, UnrealIRCd will be able to use it.
 * In UnrealIRCd 4.0.18 support was added of setting the ECDH(E) curves via the ecdh-curves option and a default was set. Previously this was left over to the SSL library with a fallback to P-256.