[ngIRCd-ML] question about strong ciphers

Michiel van Es mve at pragmasec.nl
Sun Sep 1 11:35:31 CEST 2013


Hello,

I am using OpenSSL (1.*) with Ngircd to enforce SSL connections.
Is there a possibility that I can enforce certain ciphers or disable
certain weak ciphers?
The default config allow 56 bits ciphers:

   SSLv3:RC4-MD5 - ENABLED - STRONG 128 bits
   SSLv3:DES-CBC3-SHA - ENABLED - STRONG 168 bits
   SSLv3:CAMELLIA128-SHA - ENABLED - STRONG 128 bits
   SSLv3:RC4-SHA - ENABLED - STRONG 128 bits
   SSLv3:SEED-SHA - ENABLED - STRONG 128 bits
   SSLv3:CAMELLIA256-SHA - ENABLED - STRONG 256 bits
** SSLv3:DES-CBC-SHA - ENABLED - WEAK 56 bits **
   SSLv3:AES128-SHA - ENABLED - STRONG 128 bits
   SSLv3:AES256-SHA - ENABLED - STRONG 256 bits
  Error 20: unable to get local issuer certificate

   TLSv1:RC4-MD5 - ENABLED - STRONG 128 bits
   TLSv1:DES-CBC3-SHA - ENABLED - STRONG 168 bits
   TLSv1:CAMELLIA128-SHA - ENABLED - STRONG 128 bits
   TLSv1:RC4-SHA - ENABLED - STRONG 128 bits
   TLSv1:SEED-SHA - ENABLED - STRONG 128 bits
   TLSv1:CAMELLIA256-SHA - ENABLED - STRONG 256 bits
** TLSv1:DES-CBC-SHA - ENABLED - WEAK 56 bits **
   TLSv1:AES128-SHA - ENABLED - STRONG 128 bits
   TLSv1:AES256-SHA - ENABLED - STRONG 256 bits

Regards,

Michiel


More information about the ngIRCd-ML mailing list