[ngIRCd-ML] ngIRCd-ML Digest, Vol 95, Issue 1

lists at packetmail.net lists at packetmail.net
Mon Sep 2 16:54:59 CEST 2013


On 09/02/2013 05:00 AM, ngircd-ml-request at arthur.barton.de wrote:
> I am using OpenSSL (1.*) with Ngircd to enforce SSL connections.
> Is there a possibility that I can enforce certain ciphers or disable
> certain weak ciphers?

Perhaps use the 'stunnel' method for serving ngircd over SSL and disable weak
ciphers through stunnel's configuration, see http://ngircd.barton.de/doc/SSL.txt

options = NO_SSLv2
ciphers = ALL:-ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

If you're using RHEL-derived distribution, perhaps enable FIPS mode to disable
weak ciphers system-wide see section 7.2.1 in the below URL:

https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/sect-Security_Guide-Federal_Standards_And_Regulations-Federal_Information_Processing_Standard.html?

Cheers,
Nathan



More information about the ngIRCd-ML mailing list