[ngIRCd-ML] Forcing SSL only listeners

Darren Spruell phatbuckett at gmail.com
Mon Feb 28 22:25:12 CET 2011


On Mon, Feb 28, 2011 at 1:24 PM, Darren Spruell <phatbuckett at gmail.com> wrote:
> I have a use case for an ircd that provides SSL/TLS only service.
> ngIRCd looks like it will support both SSL and non-SSL encrypted
> services through the use of 'Ports' and 'SSLPorts' configuration
> options.
>
> I can use iptables to block connections to the vanilla IRC service
> port but it seems an option to force SSL/TLS only (or disable non-SSL
> service) would be more elegant.
>
> Has this scenario been discussed before? Shall I add a bugtraq entry
> for a feature request to support this capability?

Actually I just ran the server under my desired configuration and
noticed that it seems to behave as I wanted, although seemingly
different than the documented behavior.


Configuration file:

        # Ports on which the server should listen. There may be more than
        # one port, separated with ",". (Default: 6667)
        ;Ports = 6667, 6668, 6669

        # Additional Listen Ports that expect SSL/TLS encrypted connections
        SSLPorts = 6697


ngircd --configtest:

[GLOBAL]
  [...]
  Listen = ::,0.0.0.0
  Ports =
  SSLPorts = 6697


When I start the server it binds an SSL listener on 6697/tcp and does
_not_ bind a listener for the plain irc service port on 6667. I
assumed that the behavior of commenting out 'Ports' would cause the
server to bind to 6667 by default. This must be  related to this
configuration from ngircd.conf(5):

Ports  Ports on which the server should listen. There may be more than
one port, separated with commas (","). Default: 6667, unless SSL_Ports
are also specified.

In any case, this is the precise behavior I was looking for. Sorry for
the noise.

-- 
Darren Spruell
phatbuckett at gmail.com


More information about the ngIRCd-ML mailing list