Missing crypto feature documentation

If your UnrealIRCd is up and running but you have a question about it, then use this forum.
(NOT for installation or connecting issues! Use the other forum instead.)

Moderator: Supporters

Locked
HeXiLeD
Posts: 51
Joined: Mon Jan 16, 2017 8:07 pm
Location: online

Missing crypto feature documentation

Post by HeXiLeD »

Forbidden

You don't have permission to access /bug_report.php on this server.
Apache/2.4.7 (Ubuntu) Server at bugs.unrealircd.org Port 443
... thank you :(

Description:
Missing documentation in regards to set::ssl::dh

Feature exists but no information is available about it: https://bugs.unrealircd.org/view.php?id=4738

Non existent link:
# https://unrealircd.org/docs/Set_block#set::ssl::dh

Example:

Code: Select all

# Server's SSL dhparams location
dh "/home/jail/unrealircd/conf/ssl/server.dhparams_4096.pem";
Steps To Reproduce:
Click here:
https://unrealircd.org/docs/Set_block#set::ssl::dh
https://www.unrealircd.org/docwiki/inde ... sl%3A%3Adh

Additional Information:
https://en.wikipedia.org/wiki/Diffie-He ... y_exchange
https://en.wikipedia.org/wiki/Denavit-H ... parameters

Question:
Can it also be set on the link block ?
Constructive criticism leads to evolution and progress. Negative criticism leads to obsolescence. We are not in the 90's IRC world anymore.
CertFP: d985d21f89fe2977b593c4d381a1a86802e62990d9328d893db76d59f9935244
Syzop
UnrealIRCd head coder
Posts: 2112
Joined: Sat Mar 06, 2004 8:57 pm
Location: .nl
Contact:

Re: Missing crypto feature documentation

Post by Syzop »

You're wondering why we don't have any documentation regarding set::ssl::dh. That configuration directive is used for specifying static DH parameters, which is basically the "old way" to use DH. We do not recommend it and therefore don't document it.

Most, if not all clients, are able to negotiate support for ECDHE instead, which is a variant that is ephemeral (uses different keys for each session) and uses elliptic curve cryptography (uses less CPU). To use this in UnrealIRCd, you don't have to do anything. It is supported out of the box.

**
As for your bugs.unrealircd.org problem. I'm sorry for that. We have so many hack attempts nowadays that it was necessary to install some content/security filters. Unfortunately it will occasionally raise a red flag on harmless content as well, which must be the problem you were experiencing.
Locked