diff options
| author | Alexander Barton <alex@barton.de> | 2014-10-26 11:58:22 +0100 |
|---|---|---|
| committer | Alexander Barton <alex@barton.de> | 2014-10-26 11:58:22 +0100 |
| commit | 6e4235443eb4dee0930a65e613c8bf5e00331f73 (patch) | |
| tree | 79764dec2aa13f0de4aa060ae47267a88284eb13 /INSTALL | |
| parent | f33a4067a16747c8fc5f1c0b5eb5e5520ee1e7a7 (diff) | |
| parent | cdcf474f159ad0c3c2a652cdbfa5e7f09171667c (diff) | |
| download | ngircd-6e4235443eb4dee0930a65e613c8bf5e00331f73.tar.gz ngircd-6e4235443eb4dee0930a65e613c8bf5e00331f73.zip | |
Merge branch 'CipherListNoSSL3'
* CipherListNoSSL3: INSTALL: List the changed SSL CipherList default value. Update "CipherList" to not enable SSLv3 by default
Diffstat (limited to 'INSTALL')
| -rw-r--r-- | INSTALL | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/INSTALL b/INSTALL index cf33fa34..0aa853c1 100644 --- a/INSTALL +++ b/INSTALL @@ -12,12 +12,21 @@ I. Upgrade Information ~~~~~~~~~~~~~~~~~~~~~~ +Differences to version 22.x + +- The default value of the SSL "CipherList" variable has been changed to + "HIGH:!aNULL:@STRENGTH:!SSLv3" (OpenSSL) and "SECURE128:-VERS-SSL3.0" + (GnuTLS) to disable the old SSLv3 protocol by default. + To enable connections of clients still requiring the weak SSLv3 protocol, + the "CipherList" must be set to its old value (not recommended!), which + was "HIGH:!aNULL:@STRENGTH" (OpenSSL) and "SECURE128" (GnuTLS), see below. + Differences to version 20.x - Starting with ngIRCd 21, the ciphers used by SSL are configurable and - default to HIGH:!aNULL:@STRENGTH (OpenSSL) or SECURE128 (GnuTLS). - Previous version were using the OpenSSL or GnuTLS defaults, DEFAULT - and NORMAL respectively. + default to "HIGH:!aNULL:@STRENGTH" (OpenSSL) or "SECURE128" (GnuTLS). + Previous version were using the OpenSSL or GnuTLS defaults, "DEFAULT" + and "NORMAL" respectively. - When adding GLINE's or KLINE's to ngIRCd 21 (or newer), all clients matching the new mask will be KILL'ed. This was not the case with earlier versions |