Page 1 of 1

Missing crypto feature documentation

Posted: Mon Jun 05, 2017 8:04 pm
by HeXiLeD

You don't have permission to access /bug_report.php on this server.
Apache/2.4.7 (Ubuntu) Server at Port 443
... thank you :(

Missing documentation in regards to set::ssl::dh

Feature exists but no information is available about it:

Non existent link:


Code: Select all

# Server's SSL dhparams location
dh "/home/jail/unrealircd/conf/ssl/server.dhparams_4096.pem";
Steps To Reproduce:
Click here: ... sl%3A%3Adh

Additional Information: ... y_exchange ... parameters

Can it also be set on the link block ?

Re: Missing crypto feature documentation

Posted: Fri Jun 16, 2017 2:22 pm
by Syzop
You're wondering why we don't have any documentation regarding set::ssl::dh. That configuration directive is used for specifying static DH parameters, which is basically the "old way" to use DH. We do not recommend it and therefore don't document it.

Most, if not all clients, are able to negotiate support for ECDHE instead, which is a variant that is ephemeral (uses different keys for each session) and uses elliptic curve cryptography (uses less CPU). To use this in UnrealIRCd, you don't have to do anything. It is supported out of the box.

As for your problem. I'm sorry for that. We have so many hack attempts nowadays that it was necessary to install some content/security filters. Unfortunately it will occasionally raise a red flag on harmless content as well, which must be the problem you were experiencing.