Missing crypto feature documentation

Posted: Mon Jun 05, 2017 8:04 pm
by HeXiLeD
Forbidden

You don't have permission to access /bug_report.php on this server.
Apache/2.4.7 (Ubuntu) Server at bugs.unrealircd.org Port 443
... thank you :(

Description:
Missing documentation in regards to set::ssl::dh

Feature exists but no information is available about it: https://bugs.unrealircd.org/view.php?id=4738

Non-existent link:
# https://unrealircd.org/docs/Set_block#set::ssl::dh

Example:

# Server's SSL dhparams location
dh "/home/jail/unrealircd/conf/ssl/server.dhparams_4096.pem";

Steps To Reproduce:
Click here:
https://unrealircd.org/docs/Set_block#set::ssl::dh
https://www.unrealircd.org/docwiki/inde ... sl%3A%3Adh

Additional Information:
https://en.wikipedia.org/wiki/Diffie-He ... y_exchange
https://en.wikipedia.org/wiki/Denavit-H ... parameters

Question:
Can it also be set on the link block?

Re: Missing crypto feature documentation

Posted: Fri Jun 16, 2017 2:22 pm
by Syzop
You're wondering why we don't have any documentation regarding set::ssl::dh. That configuration directive is used for specifying static DH parameters, which is basically the "old way" to use DH. We do not recommend it and therefore don't document it.

Most, if not all clients, are able to negotiate support for ECDHE instead, which is a variant that is ephemeral (uses different keys for each session) and uses elliptic curve cryptography (uses less CPU). To use this in UnrealIRCd, you don't have to do anything. It is supported out of the box.

As for your bugs.unrealircd.org problem. I'm sorry for that. We have so many hack attempts nowadays that it was necessary to install some content/security filters. Unfortunately it will occasionally raise a red flag on harmless content as well, which must be the problem you were experiencing.
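
Added example, not part of the original thread or of UnrealIRCd: a Python check, using the standard ssl module, of which key exchange each suite in an OpenSSL cipher string uses, so you can see whether any finite-field DHE suite (the kind that server DH parameters apply to) is enabled at all next to ECDHE. The two cipher strings and the host in the final comment are constructed for illustration, and the key-exchange labels are the ones OpenSSL reports through Python.

```python
import socket
import ssl


def kex_by_suite(cipher_string="ALL"):
    """Return {suite name: OpenSSL key-exchange label} for the suites a cipher string enables.

    Labels come from OpenSSL: 'kx-ecdhe', 'kx-dhe', 'kx-rsa', and 'kx-any' for
    TLS 1.3 suites, whose key exchange is negotiated separately and is always ephemeral.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return {c["name"]: c.get("kea", "unknown") for c in ctx.get_ciphers()}


def enables_dhe(cipher_string):
    """True if the cipher string enables any finite-field DHE suite."""
    return "kx-dhe" in kex_by_suite(cipher_string).values()


def negotiated_kex(host, port, timeout=5.0):
    """Handshake with a TLS port and return (protocol, suite, key-exchange label)."""
    ctx = ssl.create_default_context()  # certificate verification stays on
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            protocol, suite = tls.version(), tls.cipher()[0]
    return protocol, suite, kex_by_suite("ALL").get(suite, "unknown")


# Constructed cipher strings for the demonstration (not UnrealIRCd defaults).
ECDHE_ONLY = "ECDHE+AESGCM"
MIXED = "ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256"

if __name__ == "__main__":
    for label, cipher_string in (("ECDHE only", ECDHE_ONLY), ("mixed", MIXED)):
        print(f"{label}: DHE suites enabled = {enables_dhe(cipher_string)}")
        for name, kex in kex_by_suite(cipher_string).items():
            print(f"  {name:34} {kex}")
    # Live check against your own server (hypothetical host name):
    # print(negotiated_kex("irc.example.org", 6697))
```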