This release fixes a number of bugs such as IPv6 hosts not resolving in UnrealIRCd 6.1.8/6.1.8.1 and 100% CPU usage in some circumstances. It also changes the SSL/TLS defaults to make things a little safer/better.
Enhancements:
- SSL/TLS:
  - Change default TLS ciphers to only allow AES in GCM mode and no longer in CBC mode.
  - When using cURL for remote includes we now explicitly set the minimum required version to TLSv1.2 and set our default ciphers and ciphersuites. Note that by default in UnrealIRCd 6 the built-in (non-cURL) implementation is used for remote includes, which already used these defaults. Also note that most distros, like Ubuntu and Debian, already required TLSv1.2 or later effectively in cURL.
  - Regarding default ecdh-curves: we now try to set the curves list to x25519:secp521r1:secp384r1:prime256v1 first, and if that fails then we try secp521r1:secp384r1:prime256v1. The former could fail due to SSL library restrictions (old library or when in FIPS mode). Previously we were also supposed to do it like that, but due to a bug always had X25519 turned off.
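Servers that override the defaults with their own set::tls::ciphers value do not pick up the GCM-only change automatically. The following is an added example, not UnrealIRCd code: it expands an OpenSSL-style cipher string with Python's ssl module and lists any CBC-mode suites it still enables. The two sample strings are constructed for illustration and are not UnrealIRCd's actual defaults; the result reflects the OpenSSL build Python is linked against, which is assumed to be close to the one the IRCd uses.

```python
import ssl


def expand(cipher_string):
    """Expand an OpenSSL cipher string the way the local TLS library does."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # Raises ssl.SSLError if the string selects no usable cipher at all.
    ctx.set_ciphers(cipher_string)
    return ctx.get_ciphers()


def cbc_suites(cipher_string):
    """Return the names of enabled suites whose bulk cipher runs in CBC mode."""
    return [
        c["name"]
        for c in expand(cipher_string)
        if "cbc" in (c.get("symmetric") or "").lower()
    ]


def non_aead_suites(cipher_string):
    """Return every enabled suite that is not AEAD (GCM, ChaCha20-Poly1305...)."""
    return [c["name"] for c in expand(cipher_string) if not c.get("aead")]


# Constructed sample values (assumptions, not taken from UnrealIRCd).
GCM_ONLY = (
    "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-RSA-AES128-GCM-SHA256"
)
LEGACY = GCM_ONLY + ":ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA"

if __name__ == "__main__":
    for label, value in (("gcm-only", GCM_ONLY), ("legacy", LEGACY)):
        found = cbc_suites(value)
        print(label, "->", ", ".join(found) if found else "no CBC suites")
```

TLSv1.3 ciphersuites are configured separately from this string and always appear in the expanded list; they are all AEAD, so they never show up in either report.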
Fixes:
- IPv6 hosts not resolving in UnrealIRCd 6.1.8 and 6.1.8.1.
- 100% CPU usage in some (rare) circumstances. The IRCd is still fully responsive, but of course high CPU usage is never good.
- Crash in STATS S (IRCOp-only) if having vhosts with autologin (and no vhost::login).
- The Windows version did not allow tweaking of set::tls::ecdh-curves.
Changes:
- Update shipped libraries: c-ares to 1.34.3
- Update Windows libraries: c-ares to 1.34.3, curl to 8.11.0 and LibreSSL to 4.0.0.
- Added HELPOP EXTSERVERBANS to explain Extended server bans
- Added new UnrealIRCd PGP release signing key
Friday, November 22, 2024