View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0006092 | unreal | ircd | public | 2022-04-21 17:07 | 2022-04-21 18:24 |
Reporter | supakeen | Assigned To | syzop | ||
Priority | normal | Severity | minor | Reproducibility | always |
Status | closed | Resolution | duplicate | ||
Product Version | 5.2.4 | ||||
Summary | 0006092: set::anti-flood::connect replies in plaintext to TLS connections | ||||
Description | When the connection ratelimit is hit on a TLS port unrealircd 5.2.4 starts responding in plaintext. This causes an error on the client side which will (likely, depending on client) keep reconnecting instead of being able to read the ERROR IRC-answer that is being sent. | ||||
Steps To Reproduce | Once with `openssl s_client`:

```
€ openssl s_client -connect irc.nobleme.com:6697 > /dev/null
depth=0 C = --, ST = SomeState, L = SomeCity, O = SomeOrganization, OU = SomeOrganizationalUnit, CN = ns3075641.ip-217-182-194.eu, emailAddress = [email protected]
verify error:num=18:self signed certificate
verify return:1
depth=0 C = --, ST = SomeState, L = SomeCity, O = SomeOrganization, OU = SomeOrganizationalUnit, CN = ns3075641.ip-217-182-194.eu, emailAddress = [email protected]
verify return:1
^C
€ openssl s_client -connect irc.nobleme.com:6697 > /dev/null
depth=0 C = --, ST = SomeState, L = SomeCity, O = SomeOrganization, OU = SomeOrganizationalUnit, CN = ns3075641.ip-217-182-194.eu, emailAddress = [email protected]
verify error:num=18:self signed certificate
verify return:1
depth=0 C = --, ST = SomeState, L = SomeCity, O = SomeOrganization, OU = SomeOrganizationalUnit, CN = ns3075641.ip-217-182-194.eu, emailAddress = [email protected]
verify return:1
^C
€ openssl s_client -connect irc.nobleme.com:6697 > /dev/null
depth=0 C = --, ST = SomeState, L = SomeCity, O = SomeOrganization, OU = SomeOrganizationalUnit, CN = ns3075641.ip-217-182-194.eu, emailAddress = [email protected]
verify error:num=18:self signed certificate
verify return:1
depth=0 C = --, ST = SomeState, L = SomeCity, O = SomeOrganization, OU = SomeOrganizationalUnit, CN = ns3075641.ip-217-182-194.eu, emailAddress = [email protected]
verify return:1
^C
€ openssl s_client -connect irc.nobleme.com:6697 > /dev/null
139645689081344:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:331:
€ openssl s_client -connect irc.nobleme.com:6697 > /dev/null
139772431494656:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:331:
```

and once from netcat (so you can see the plaintext reply):

```
€ nc irc.nobleme.com 6697
^C
€ nc irc.nobleme.com 6697
^C
€ nc irc.nobleme.com 6697
^C
€ nc irc.nobleme.com 6697
ERROR :Closing Link: [77.168.111.87] (Throttled: Reconnecting too fast) - Email [email protected] for more information.
^C
€ nc irc.nobleme.com 6697
ERROR :Closing Link: [77.168.111.87] (Throttled: Reconnecting too fast) - Email [email protected] for more information.
^C
```

| ||||
Tags | No tags attached. | ||||
3rd party modules | |||||
|
Yeah, that is true and it is intentional. See the rationale at https://bugs.unrealircd.org/view.php?id=5532 and the feature idea there to make a better user experience without the cost of becoming a DoS attack vector. |
Date Modified | Username | Field | Change |
---|---|---|---|
2022-04-21 17:07 | supakeen | New Issue | |
2022-04-21 18:15 | syzop | Assigned To | => syzop |
2022-04-21 18:15 | syzop | Status | new => closed |
2022-04-21 18:15 | syzop | Resolution | open => duplicate |
2022-04-21 18:15 | syzop | Note Added: 0022464 | |
2022-04-21 18:16 | syzop | Note Edited: 0022464 | |
2022-04-21 18:24 | syzop | Note Edited: 0022464 |
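
The difference between the `openssl s_client` and netcat sessions in the report, as an added example that is not part of the original issue or UnrealIRCd's code: a TLS stack reads the first five bytes of the plaintext `ERROR` line as a record header and rejects it, while the same bytes are a readable IRC line. The function names, the client policy in `next_action` and the sample bytes (documentation IP and address, made-up TLS header) are assumptions constructed for illustration.

```python
import struct

# TLS record content types (RFC 8446, section 5.1).
TLS_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
MAX_RECORD_LEN = 2**14 + 2048  # largest ciphertext record allowed by TLS 1.2

# Constructed samples: the throttle line uses the wording from the report with a
# documentation IP and address; the TLS bytes are a made-up ServerHello record header.
THROTTLE_REPLY = (b"ERROR :Closing Link: [192.0.2.1] (Throttled: Reconnecting too fast)"
                  b" - Email admin@example.org for more information.\r\n")
TLS_REPLY = b"\x16\x03\x03\x00\x7a\x02\x00\x00\x76\x03\x03"


def classify_first_bytes(data: bytes) -> dict:
    """Classify the first bytes a server sent on a port where TLS was expected."""
    if len(data) < 5:
        return {"kind": "short_read"}
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    if ctype in TLS_TYPES and major == 3 and minor <= 4 and length <= MAX_RECORD_LEN:
        return {"kind": "tls", "record": TLS_TYPES[ctype]}
    line = data.split(b"\n", 1)[0].rstrip(b"\r")
    if line.startswith(b"ERROR "):
        text = line[len(b"ERROR "):].lstrip(b":").decode("utf-8", "replace")
        return {
            "kind": "plaintext_irc_error",
            "message": text,
            "throttled": "Throttled" in text,
            # What a TLS stack sees when it parses "ERR" as a record header.
            "misread_as": f"type=0x{ctype:02x} version=0x{major:02x}{minor:02x}",
        }
    return {"kind": "unknown"}


def next_action(data: bytes) -> str:
    """Hypothetical client policy: stop hammering a server that is throttling us."""
    result = classify_first_bytes(data)
    if result["kind"] == "tls":
        return "continue_handshake"
    if result.get("throttled"):
        return "back_off_and_show_message"
    return "fail_connection"


if __name__ == "__main__":
    for sample in (TLS_REPLY, THROTTLE_REPLY):
        print(classify_first_bytes(sample), "->", next_action(sample))
```

A client that keeps the raw bytes from a failed handshake can use a check like this to show the throttle message and delay its next attempt instead of reconnecting in a loop.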