Skip to content

TLS implementation#74

Open
MrIron-no wants to merge 17 commits intoUndernetIRC:u2_10_12_branchfrom
MrIron-no:tls
Open

TLS implementation#74
MrIron-no wants to merge 17 commits intoUndernetIRC:u2_10_12_branchfrom
MrIron-no:tls

Conversation

@MrIron-no
Copy link
Contributor

@MrIron-no MrIron-no commented Mar 4, 2026

No description provided.

entrope and others added 17 commits September 18, 2025 14:53
@entrope @MrIron-no
Support SSL and TLS (UNTESTED)
b043df6 
Add a user mode FLAG_TLS (+z) to indicate users connected via SSL or TLS.
Add a channel mode MODE_TLSONLY (+Z) to only allow +z users to join or
send messages to the channel.
Add configuration settings and features to allow configuration of the
underlying TLS library.

The underlying TLS library is selected by ./configure --with-tls=<NAME>,
among several available implementations (include a stub, "none").  By
design (to make behavior homogenous across a network), very little code
depends on whether TLS is actually available or not.
@entrope @MrIron-no
configure: Compile without OpenSSL or gnutls installed
3c03e82
@entrope @MrIron-no
tls_libtls: Fix compilation
88e10d9
@entrope @MrIron-no
tls_openssl: Fix sense of FEAT_TLS_* version settings
ce30405
@entrope @MrIron-no
readme.features: Better explain TLS version features
570ddac
@entrope @MrIron-no
tls_gnutls: Fix typos in checking I/O results
6bf96d1
@MrIron-no
Merge fix and update configure to not default to libtls when other im…
6612f45 
…plementation is specified in --with-tls
@entrope @MrIron-no
tls: Improve fingerprint handling (not fully fixed yet)
d671f21 
Add ircd_tls_listen() to configure a TLS listener.  Require this to
succeed on any TLS-enabled listening port.
Delete ircd_tls_fingerprint_matches() in favor of cli_tls_fingerprint.
@MrIron-no
Reworked openssl implementation
e50c42f
@MrIron-no
We don't register socket evnet upon reciving SSL_ERROR_WANT_READ or S…
0ea7f71 
…SL_ERROR_WANT_WRITE
@MrIron-no
Fix to gnutls implementation
7b2d02e
@MrIron-no
libtls implementation.
b368534
@MrIron-no
Added feature for bursting fingerprints for backwards compatability
0ddaea0
@MrIron-no
Pass on fingerprint to iauth
4ed2e39
@MrIron-no
Added supported tls modes
a459c93
@MrIron-no
fix: Bug in tls implementation caused by clients immediately closing …
4ff001d 
…the connection. start_auth() is now called from ET_WRITE which immediately return
@MrIron-no
fix: compiler error on FreeBSD due to different type
44b69ad
@eaescob
Copy link

eaescob commented Mar 11, 2026
edited
Loading

I wonder if admins would event want to define ciphers. If no ciphers are provided, which ones will ircu default to? Did IRC clients add TLS support post SSLv3? Just trying to understand if we even need the SSLv3 bits.

@MrIron-no
Copy link
Contributor Author

MrIron-no commented Mar 11, 2026

Hi, this introduces S2S too.

@eaescob
Copy link

eaescob commented Mar 11, 2026

Hi, this introduces S2S too.

Yup! Just got to the server part. Edited my comment

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@MrIron-no @eaescob @entrope