From 26e6c331f51a5b23c39ffa8e172ab776fdbc3f06 Mon Sep 17 00:00:00 2001
From: "C. McEnroe"
Date: Fri, 20 Aug 2021 15:48:19 -0400
Subject: Use "secure" libtls ciphers

Ported from catgirl:

commit 585039fb6e5097cfd16bc083c6d1c9356b237882
Author: Klemens Nanni
Date: Sun Jun 20 14:42:10 2021 +0000

Use "secure" libtls ciphers

d3e90b6 'Use libtls "compat" ciphers' from 2018 fell back to "compat" ciphers to support irc.mozilla.org which now yields NXDOMAIN.

All modern networks (should) support secure ciphers, so drop the hopefully unneeded list of less secure ciphers by avoiding tls_config_set_ciphers(3) and therefore sticking to the "secure" aka. "default" set of ciphers in libtls.

A quick check shows that almost all of the big/known IRC networks support TLS1.3 already; those who do not at least comply with SSL_CTX_set_cipher_list(3)'s "HIGH" set as can be tested like this:

echo \
irc.hackint.org \
irc.tilde.chat \
irc.libera.chat \
irc.efnet.nl \
irc.oftc.net | xargs -tn1 \
openssl s_client -quiet -cipher HIGH -no_ign_eof -port 6697 -host
---
 server.c | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)
(limited to 'server.c')
diff --git a/server.c b/server.c
index 636d911..853edd8 100644
--- a/server.c
+++ b/server.c
@@ -45,14 +45,10 @@ static struct tls *client;
 void serverConfig(
 bool insecure, const char *trust, const char *cert, const char *priv
 ) {
+ int error = 0;
 struct tls_config *config = tls_config_new();
 if (!config) errx(EX_SOFTWARE, "tls_config_new");
 
- int error = tls_config_set_ciphers(config, "compat");
- if (error) {
- errx(EX_SOFTWARE, "tls_config_set_ciphers: %s", tls_config_error(config));
- }
-
 if (insecure) {
 tls_config_insecure_noverifycert(config);
 tls_config_insecure_noverifyname(config);
--
cgit 1.4.1
log/termcap.diff'>
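Review bot: The added `int error = 0;` at the top of serverConfig starts the status variable out as "success", so any later `if (error)` check that can be reached without an assignment in between would pass silently. The remaining uses of `error` lie outside this hunk, so this cannot be confirmed from here, but in TLS setup a fail-open status is worth ruling out: declare the variable at its first remaining assignment, or start it at a failing value such as `int error = -1;`. A one-line comment where the cipher call used to be, for example `// No tls_config_set_ciphers(): rely on the libtls default ("secure") cipher set.`, would also keep the "compat" list from being reintroduced by accident. The `if (insecure)` branch that disables certificate and name verification is pre-existing and continues past the end of the hunk.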