TLS Ciphers and protocols

You can configure the permitted SSL/TLS protocols and ciphers using set::tls::protocols, set::tls::ciphers and set::tls::options::ciphersuites. Or, if you want to override these global options, then you can use listen::tls-options or link::tls-options for listen- and link-specific configuration.

Default configuration
Below we describe the default configuration. If you want enhanced security (at the cost of client compatibility!) see More secure setting below.

Protocols
The default setting for set::tls::protocols allows TLSv1, TLSv1.1, TLSv1.2 and TLSv1.3 (when available). UnrealIRCd never permits SSLv2 or SSLv3 connections (and it is not possible to allow these).

Ciphers
The default setting for set::tls::ciphers is: EECDH+CHACHA20 EECDH+AESGCM EECDH+AES AES256-GCM-SHA384 AES128-GCM-SHA256 AES256-SHA256 AES128-SHA256 AES256-SHA AES128-SHA

And for TLSv1.3, the default set::tls::ciphersuites is: TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_8_SHA256:TLS_AES_128_CCM_SHA256

Curves
The ECDH(E) curves are set via set::tls::ecdh-curves. By default it uses: X25519 (if available), secp521r1, secp384r1 and prime256v1.

Rationale
The default configuration is based on the Mozilla SSL Configuration Generator 'Intermediate' compatibility profile and two other major sources. The rationale behind this is as follows:
 * Maintain compatibility with older clients out of the box (if you don't need this, then check out More secure setting below)
 * Prefer PFS
 * Prefer ChaCha20/Poly1305 over AES because it's resistant against timing attacks even in software implementations
 * Prefer AES256 over AES128
 * Prefer authenticated encryption such as GCM over CBC due to the various CBC attacks in the past and likely in the future.
 * As for the curves, we prefer X25519 because it is a fast and securely chosen curve from Bernstein, then secp521r1 (least suspicious NIST curve), and finally secp384r1 and prime256v1.

This deviates from the Mozilla intermediate compatibility profile in some aspects:
 * The Mozilla intermediate profile prefers AES128 over AES256 for reasons of performance and because of unclear security benefits
 * The Mozilla intermediate profile also permits 3DES, we do not
 * Curves: we use stronger and less suspicious curves compared to the Mozilla profiles (which doesn't even set any curves in the intermediate profile and only NIST curves in Modern)

Result
With OpenSSL 1.1.0 this results in (output from cipherscan):

prio ciphersuite                  protocols              pfs                 curves
1    ECDHE-RSA-AES256-GCM-SHA384  TLSv1.2                ECDH,P-521,521bits  secp521r1,secp384r1,prime256v1
2    ECDHE-RSA-AES128-GCM-SHA256  TLSv1.2                ECDH,P-521,521bits  secp521r1,secp384r1,prime256v1
3    ECDHE-RSA-AES256-SHA384      TLSv1.2                ECDH,P-521,521bits  secp521r1,secp384r1,prime256v1
4    ECDHE-RSA-AES128-SHA256      TLSv1.2                ECDH,P-521,521bits  secp521r1,secp384r1,prime256v1
5    ECDHE-RSA-AES256-SHA         TLSv1,TLSv1.1,TLSv1.2  ECDH,P-521,521bits  secp521r1,secp384r1,prime256v1
6    ECDHE-RSA-AES128-SHA         TLSv1,TLSv1.1,TLSv1.2  ECDH,P-521,521bits  secp521r1,secp384r1,prime256v1
7    AES256-GCM-SHA384            TLSv1.2                None                None
8    AES128-GCM-SHA256            TLSv1.2                None                None
9    AES256-SHA256                TLSv1.2                None                None
10   AES128-SHA256                TLSv1.2                None                None
11   AES256-SHA                   TLSv1,TLSv1.1,TLSv1.2  None                None
12   AES128-SHA                   TLSv1,TLSv1.1,TLSv1.2  None                None

NOTE: TLS 1.3 is also supported in UnrealIRCd. It is not listed in the above result simply because the cipherscan tool does not test for it at the moment.

As said, we need to provide compatibility out of the box so we still permit non-PFS ciphersuite selection, CBC mode and SHA1.
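An added example (not part of the UnrealIRCd documentation or code): a small Python audit that parses the cipherscan result shown above and flags, per ciphersuite, the compatibility concessions this paragraph names (non-PFS, CBC, SHA1) plus availability over TLSv1/TLSv1.1. The function names and flag labels are assumptions made for this example.

```python
# cipherscan result copied from this page (UnrealIRCd defaults, OpenSSL 1.1.0).
SCAN = """\
prio ciphersuite                  protocols              pfs                 curves
1    ECDHE-RSA-AES256-GCM-SHA384  TLSv1.2                ECDH,P-521,521bits  secp521r1,secp384r1,prime256v1
2    ECDHE-RSA-AES128-GCM-SHA256  TLSv1.2                ECDH,P-521,521bits  secp521r1,secp384r1,prime256v1
3    ECDHE-RSA-AES256-SHA384      TLSv1.2                ECDH,P-521,521bits  secp521r1,secp384r1,prime256v1
4    ECDHE-RSA-AES128-SHA256      TLSv1.2                ECDH,P-521,521bits  secp521r1,secp384r1,prime256v1
5    ECDHE-RSA-AES256-SHA         TLSv1,TLSv1.1,TLSv1.2  ECDH,P-521,521bits  secp521r1,secp384r1,prime256v1
6    ECDHE-RSA-AES128-SHA         TLSv1,TLSv1.1,TLSv1.2  ECDH,P-521,521bits  secp521r1,secp384r1,prime256v1
7    AES256-GCM-SHA384            TLSv1.2                None                None
8    AES128-GCM-SHA256            TLSv1.2                None                None
9    AES256-SHA256                TLSv1.2                None                None
10   AES128-SHA256                TLSv1.2                None                None
11   AES256-SHA                   TLSv1,TLSv1.1,TLSv1.2  None                None
12   AES128-SHA                   TLSv1,TLSv1.1,TLSv1.2  None                None
"""
AEAD_MARKERS = ("GCM", "CHACHA20", "CCM")   # authenticated-encryption suites
LEGACY_PROTOCOLS = {"TLSv1", "TLSv1.1"}

def parse_scan(text):
    """Return (suite, [protocols], pfs) for every data row of cipherscan output."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or not fields[0].isdigit():
            continue  # header or blank line
        _prio, suite, protocols, pfs, _curves = fields
        rows.append((suite, protocols.split(","), pfs))
    return rows

def audit(text):
    """Map each ciphersuite to the compatibility concessions it represents."""
    findings = {}
    for suite, protocols, pfs in parse_scan(text):
        flags = []
        if pfs == "None":
            flags.append("no-PFS")
        # OpenSSL names omit "CBC"; every non-AEAD suite in this scan is AES-CBC.
        if not any(marker in suite for marker in AEAD_MARKERS):
            flags.append("CBC")
        if suite.endswith("-SHA"):           # HMAC-SHA1 suites end in plain "-SHA"
            flags.append("SHA1")
        if LEGACY_PROTOCOLS & set(protocols):
            flags.append("legacy-protocol")
        findings[suite] = flags
    return findings

if __name__ == "__main__":
    for suite, flags in audit(SCAN).items():
        print(f"{suite:30} {', '.join(flags) or 'ok'}")
```

The same functions can be pointed at the cipherscan output of your own server to see which of these concessions remain after you change the configuration.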

Over time the default ciphers, protocols and curves list in UnrealIRCd will be adjusted.

More secure setting
If you don't need compatibility with older clients/libraries then use a setting like this:

set {
    ssl {
        protocols "All,-TLSv1,-TLSv1.1"; /* allow only TLSv1.2 and up */
        ciphers "EECDH+CHACHA20 EECDH+AESGCM EECDH+AES+SHA384 EECDH+AES+SHA256";
        /* no need to set a ciphersuite "xx"; for TLSv1.3, since it's already secure */
    };
};

Unfortunately this will prevent some (rather old) clients from connecting. Also, UnrealIRCd 3.2.x servers would be unable to link to this 4.x.

History
See also: Moving users to TLS
 * Prior to UnrealIRCd 4.0.7 if you did not have a cipher setting it was left up to your OS/Distro (and ultimately OpenSSL/LibreSSL build parameters) as to which algorithms were enabled. In practice this often meant ciphers such as RC4 and 3DES were enabled which is discouraged today.
 * In UnrealIRCd 4.0.14 the cipher list was updated to include TLSv1.3 ciphers. This means as soon as you upgrade your OpenSSL to a version which supports TLSv1.3, UnrealIRCd will be able to use it.
 * In UnrealIRCd 4.0.18 support was added for setting the ECDH(E) curves via the ecdh-curves option and a default was set. Previously this was left to the SSL library with a fallback to P-256.
 * In UnrealIRCd 4.0.19 support for cipher setting for TLSv1.3 was changed to match OpenSSL specifics.
 * In UnrealIRCd 4.2.2 we reordered AES-128 and AES-256. In practice, most clients (by far) already negotiated either CHACHA20 or AES-256, but now in the remaining case (non-PFS) we prefer AES-256 as well.
 * In UnrealIRCd 5.0.0 there were no changes but we did change the default generated certificate from RSA-4096 to secp384r1