New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SSL questions #716

Open
michaelortmann opened this Issue Oct 16, 2018 · 0 comments

Comments

Projects
None yet
1 participant
@michaelortmann
Member

michaelortmann commented Oct 16, 2018

Question 1

When i setup a default ircd-seven and i connect via ssl, i get:
[22:02:33] TLS: error:1408F10B:SSL routines:ssl3_get_record:wrong version number
because the server just doesnt speak ssl yet.
so thats the error mesage openssl gives us,
I think, that was meant in this other Issue about enhancing ssl error reporting.
i would like to present some more help text to the user,
but it seems thats not possible, we cant interpret the error message,
could be anything probably.
or can we? maybe display a list of things to check?
like if the dst port really does speak ssl?
like debug the destination with openssl client -debug -connect

Question 2

We currently set tls_protocols and ciphers and so on, once. Esp. relevant after merge of #185. For all connections the same settings. It may be a good idea, to let different connections have different settings. Like i would need to set SSLv3 for connect to irc server, but i would like to set strict TLSv1.3 only for connect from/to other bots.
What do you think about this? And how should we approach this?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment