[ngIRCd-ML] Support fir OpenSSL CipherList

Michiel van Es mve at pragmasec.nl
Sat Sep 7 19:22:34 CEST 2013


Perhaps this change/improvement can be part of the new release?

Regards

Michiel

Op Sep 7, 2013 om 6:19 PM heeft "lists at packetmail.net" <lists at packetmail.net> het volgende geschreven:

> On 09/07/2013 05:00 AM, ngircd-ml-request at arthur.barton.de wrote:
>> Hi, 
>> 
>>  I attached a fix for the last patch.
>>  - important: verifying CipherLists are applied successfully
>>  - if SSL initialization failes, daemon should exit and not run without SSL
>> 
>>  Q: Is it welcome to provide patches on the ML?
> 
> I certainly appreciate you taking the time to write the patch, correct it, and
> share it again.  This is a feature that I am very happy to see implemented and I
> thank you for taking the time to do this and share with the community.
> 
> It seems I still have the same issue with the latest patch on ngircd-20.3 --
> 
> # patch -p0 < ../ngircd_ssl_cipherlist.patc
> patching file ./doc/sample-ngircd.conf.tmpl
> Hunk #1 succeeded at 237 (offset -23 lines).
> patching file ./src/ngircd/conf.c
> Hunk #1 succeeded at 106 (offset -11 lines).
> Hunk #2 succeeded at 431 (offset -15 lines).
> Hunk #3 succeeded at 1842 with fuzz 2 (offset -32 lines).
> patching file ./src/ngircd/conf.h
> patching file ./src/ngircd/conn-ssl.c
> Hunk #1 succeeded at 275 with fuzz 1 (offset -28 lines).
> patching file ./src/ngircd/ngircd.c
> Hunk #1 succeeded at 671 (offset -2 lines).
> 
> # Log
> Sep  7 11:15:47 localhost ngircd[27467]: /usr/local/etc/ngircd.conf, line 166
> (section "SSL"): Unknown variable "CipherList"!
> Sep  7 11:15:47 localhost ngircd[27467]: ngIRCd
> 20.3-IPv6+IRCPLUS+SSL+SYSLOG+ZLIB-i686/pc/linux-gnu started.
> Sep  7 11:15:47 localhost ngircd[27467]: Using configuration file
> "/usr/local/etc/ngircd.conf" ...
> Sep  7 11:15:47 localhost ngircd[27467]: Configuration option "DHFile" not set!
> Sep  7 11:15:47 localhost ngircd[27467]: SSL using default CipherList
> Sep  7 11:15:47 localhost ngircd[27467]: OpenSSL 1.0.1 14 Mar 2012 initialized.
> 
> # grep -B 10 "CipherList" /usr/local/etc/ngircd.conf
> 
>        # password to decrypt SSLKeyFile (OpenSSL only)
>        ;KeyFilePassword = secret
> 
>        # SSL Server Key Certificate
>        CertFile = /etc/apache2/ssl/ssl.crt
> 
>        # Diffie-Hellman parameters
>        ;DHFile = /usr/local/etc/ngircd/ssl/dhparams.pem
> 
>        # SSL_CipherList.patch, Sep 06 2013
>        CipherList = ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
> 
> Thanks,
> Nathan Fowler
> 
> 
> 
> 
> 
> _______________________________________________
> 
> ngIRCd Mailing List: ngIRCd-ML at arthur.barton.de
> http://arthur.barton.de/mailman/listinfo/ngircd-ml
> 


More information about the ngIRCd-ML mailing list