This release fixes a number of bugs such as IPv6 hosts not resolving in UnrealIRCd 6.1.8/6.1.8.1 and 100% CPU usage in some circumstances. It also changes the SSL/TLS defaults to make things a little safer/better.

Enhancements:

  • SSL/TLS:
    • Change default TLS ciphers to only allow AES in GCM mode and no longer in CBC mode.
    • When using cURL for remote includes we now explicitly set the minimum required version to TLSv1.2 and set our default ciphers and ciphersuites. Note that by default in UnrealIRCd 6 the built-in (non-cURL) implementation is used for remote includes, which already used these defaults. Also note that most distros, like Ubuntu and Debian, already effectively required TLSv1.2 or later in cURL.
    • Regarding default ecdh-curves: we now try to set the curves list to x25519:secp521r1:secp384r1:prime256v1 first, and if that fails then we try secp521r1:secp384r1:prime256v1. The former could fail due to SSL library restrictions (old library or when in FIPS mode). This was already the intended behavior, but due to a bug X25519 was always turned off.
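
To check what a cipher string really enables before and after dropping CBC, the added example below (not UnrealIRCd code) asks the local OpenSSL library, via Python's ssl module, which suites a string expands to under a TLSv1.2 floor and lists the non-AEAD ones. Both cipher strings are assumptions chosen for illustration, not UnrealIRCd's actual defaults.

```python
import ssl

# Assumed OpenSSL cipher strings for illustration; NOT UnrealIRCd's real defaults.
CBC_PERMITTING = "ECDHE+AESGCM:ECDHE+AES"  # also admits AES in CBC mode
GCM_ONLY = "ECDHE+AESGCM"                  # AES only in GCM mode


def build_context(cipher_string):
    """Server-side context with a TLSv1.2 floor and the given TLSv1.2 ciphers."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Raises ssl.SSLError if the string selects no cipher at all.
    ctx.set_ciphers(cipher_string)
    return ctx


def non_aead_suites(ctx):
    """Names of enabled suites that are not AEAD.

    OpenSSL's description marks AEAD suites (GCM, CCM, ChaCha20-Poly1305)
    with "Mac=AEAD"; for AES, anything else is a CBC + HMAC construction.
    """
    return [c["name"] for c in ctx.get_ciphers()
            if "Mac=AEAD" not in c["description"]]


def audit(cipher_string):
    """Summarise what the local OpenSSL enables for cipher_string."""
    ctx = build_context(cipher_string)
    suites = ctx.get_ciphers()  # includes the always-on TLSv1.3 suites
    return {
        "min_version": ctx.minimum_version.name,
        "enabled": [c["name"] for c in suites],
        "non_aead": non_aead_suites(ctx),
    }


if __name__ == "__main__":
    for label, string in (("CBC permitted", CBC_PERMITTING),
                          ("GCM only", GCM_ONLY)):
        report = audit(string)
        print(f"{label}: {len(report['enabled'])} suites enabled, "
              f"min {report['min_version']}, non-AEAD: {report['non_aead']}")
```
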

Fixes:

  • IPv6 hosts not resolving in UnrealIRCd 6.1.8 and 6.1.8.1.
  • 100% CPU usage in some (rare) circumstances. The IRCd is still fully responsive, but of course high CPU usage is never good.
  • Crash in STATS S (IRCOp-only) if having vhosts with autologin (and no vhost::login).
  • The Windows version did not allow tweaking of set::tls::ecdh-curves.

Changes:

 

 



Friday, November 22, 2024
