about summary refs log tree commit diff
path: root/handle.c
diff options
context:
space:
mode:
authorKlemens Nanni <klemens@posteo.de>2021-06-20 14:42:10 +0000
committerJune McEnroe <june@causal.agency>2021-06-20 20:25:56 -0400
commit585039fb6e5097cfd16bc083c6d1c9356b237882 (patch)
tree14fc7c960ac6a0d1a37bb7cab27ac105232a01cc /handle.c
parentOpenBSD: Only unveil used directories (diff)
downloadcatgirl-585039fb6e5097cfd16bc083c6d1c9356b237882.tar.gz
catgirl-585039fb6e5097cfd16bc083c6d1c9356b237882.zip
Use "secure" libtls ciphers
d3e90b6 'Use libtls "compat" ciphers' from 2018 fell back to "compat"
ciphers to support irc.mozilla.org which now yields NXDOMAIN.

All modern networks (should) support secure ciphers, so drop the
hopefully unneeded list of less secure ciphers by avoiding
tls_config_set_ciphers(3) and therefore sticking to the "secure" aka.
"default" set of ciphers in libtls.

A quick check shows that almost all of the big/known IRC networks
support TLS1.3 already;  those who do not at least comply with
SSL_CTX_set_cipher_list(3)'s "HIGH" set as can be tested like this:

	echo \
	  irc.hackint.org \
	  irc.tilde.chat \
	  irc.libera.chat \
	  irc.efnet.nl \
	  irc.oftc.net |
	xargs -tn1 \
	openssl s_client -quiet -cipher HIGH -no_ign_eof -port 6697 -host
Diffstat (limited to '')
0 files changed, 0 insertions, 0 deletions
 

generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-11-23 00:14:42 +0000


 


 IdentifierTagJune McEnroe


2020-12-29Match C type declarations as IdentifierTagJune McEnroe


2020-12-29Match function-like macro definitions as IdentifierTagJune McEnroe


2020-12-29Reconfigure C macro start conditionsJune McEnroe


2020-12-29Document HTML class namesJune McEnroe


2020-12-29Rename Tag class to IdentifierTagJune McEnroe


2020-12-29Change HTML class from hi to hilexJune McEnroe

You can tell I was just copying the HTML code huh.



2020-12-29Add hilex HTML outputJune McEnroe