The climate for SSL is very hostile right now.
Because of degradation attacks, even accepting SSLv3 is dangerous: a MITM attack can just fall you back to a protocol they can break. So servers (and most clients) do not want to have that as an option.
However, we have some users (such as Johndrinkwater) with old machines currently connecting to afternet with SSLv3 that will break if we disallow it.
We need the ability to specify the cipher details of OpenSSL on a per-port basis, and for the outbound connections for linking servers on a per-connect-block basis.
The ircd already has separate init functions for accepting and initiating connections, but they all share the same feature block settings, such as SSL_NOSSLV3, so it is currently impossible to have servers link with the latest and greatest but let clients connect with anything.
In the future, I can see us having the default port be restricted to 'super secure', but having another port with SSLv3 turned on for older clients.
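
The per-port and per-connect-block split requested above, as an added example that is not part of the issue or the ircd's code: it uses Python's `ssl` module (a wrapper around OpenSSL) rather than the ircd's C, and the port numbers, server name, `TlsPolicy`, the helper names and the TLS 1.2 floor are all assumptions made for illustration.

```python
import ssl
from dataclasses import dataclass

STRICT = ssl.TLSVersion.TLSv1_2   # assumed floor for the 'super secure' default
LEGACY = ssl.TLSVersion.SSLv3     # what the old clients in the issue need

@dataclass(frozen=True)
class TlsPolicy:
    min_version: ssl.TLSVersion

# Constructed sample configuration (ports and server name are made up).
GLOBAL_DEFAULT = TlsPolicy(STRICT)
PORT_POLICY = {6697: None, 9998: TlsPolicy(LEGACY)}  # None = inherit global
CONNECT_POLICY = {"hub.example.net": None}

def resolve_port(port):
    """Policy for an inbound listener: per-port override, else the global one."""
    return PORT_POLICY.get(port) or GLOBAL_DEFAULT

def resolve_connect(name):
    """Policy for an outbound server link. Assumption of this example:
    links never go below STRICT, whatever the connect block says."""
    policy = CONNECT_POLICY.get(name) or GLOBAL_DEFAULT
    if policy.min_version < STRICT:
        raise ValueError(f"connect {name!r}: legacy protocol refused on server links")
    return policy

def build_context(policy, outbound=False):
    """Build a separate SSLContext per port or connect block, so no setting
    is shared between client listeners and server links."""
    proto = ssl.PROTOCOL_TLS_CLIENT if outbound else ssl.PROTOCOL_TLS_SERVER
    ctx = ssl.SSLContext(proto)
    # Current OpenSSL builds usually omit SSLv3, so a real legacy port
    # also needs a library that was built with it.
    ctx.minimum_version = policy.min_version
    return ctx

def legacy_ports():
    """Audit helper: listeners that still accept a protocol below STRICT."""
    return sorted(p for p in PORT_POLICY if resolve_port(p).min_version < STRICT)
```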