diff options
| author | June McEnroe <june@causal.agency> | 2021-08-20 15:48:19 -0400 |
|---|---|---|
| committer | June McEnroe <june@causal.agency> | 2021-08-20 15:48:19 -0400 |
| commit | 26e6c331f51a5b23c39ffa8e172ab776fdbc3f06 (patch) | |
| tree | 3e770f23ba26e4af739b031c177edbc976271a51 /Makefile | |
| parent | Use seprintf to build final 005 (diff) | |
| download | pounce-26e6c331f51a5b23c39ffa8e172ab776fdbc3f06.tar.gz pounce-26e6c331f51a5b23c39ffa8e172ab776fdbc3f06.zip | |
Use "secure" libtls ciphers
Ported from catgirl: commit 585039fb6e5097cfd16bc083c6d1c9356b237882 Author: Klemens Nanni <klemens@posteo.de> Date: Sun Jun 20 14:42:10 2021 +0000 Use "secure" libtls ciphers d3e90b6 'Use libtls "compat" ciphers' from 2018 fell back to "compat" ciphers to support irc.mozilla.org which now yields NXDOMAIN. All modern networks (should) support secure ciphers, so drop the hopefully unneeded list of less secure ciphers by avoiding tls_config_set_ciphers(3) and therefore sticking to the "secure" aka. "default" set of ciphers in libtls. A quick check shows that almost all of the big/known IRC networks support TLS1.3 already; those who do not at least comply with SSL_CTX_set_cipher_list(3)'s "HIGH" set as can be tested like this: echo \ irc.hackint.org \ irc.tilde.chat \ irc.libera.chat \ irc.efnet.nl \ irc.oftc.net | xargs -tn1 \ openssl s_client -quiet -cipher HIGH -no_ign_eof -port 6697 -host
Diffstat (limited to 'Makefile')
0 files changed, 0 insertions, 0 deletions