[ngIRCd-ML] ngIRCd-ML Digest, Vol 95, Issue 1

Michiel van Es mve at pragmasec.nl
Mon Sep 2 17:48:34 CEST 2013


Hi Nathan

I rather want to keep stunnel work arounds out of the options..
It would be a nice feature to add to the new ngircd release ;)

Regards

Michiel

Op 2 sep. 2013 om 16:54 heeft "lists at packetmail.net" <lists at packetmail.net> het volgende geschreven:

> On 09/02/2013 05:00 AM, ngircd-ml-request at arthur.barton.de wrote:
>> I am using OpenSSL (1.*) with Ngircd to enforce SSL connections.
>> Is there a possibility that I can enforce certain ciphers or disable
>> certain weak ciphers?
> 
> Perhaps use the 'stunnel' method for serving ngircd over SSL and disable weak
> ciphers through stunnel's configuration, see http://ngircd.barton.de/doc/SSL.txt
> 
> options = NO_SSLv2
> ciphers = ALL:-ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
> 
> If you're using RHEL-derived distribution, perhaps enable FIPS mode to disable
> weak ciphers system-wide see section 7.2.1 in the below URL:
> 
> https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/sect-Security_Guide-Federal_Standards_And_Regulations-Federal_Information_Processing_Standard.html?
> 
> Cheers,
> Nathan
> 
> _______________________________________________
> 
> ngIRCd Mailing List: ngIRCd-ML at arthur.barton.de
> http://arthur.barton.de/mailman/listinfo/ngircd-ml
> 


More information about the ngIRCd-ML mailing list