View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0006485 | unreal | ircd | public | 2024-11-27 01:09 | 2024-11-28 16:28 |
| Reporter | Who-m3 | Assigned To | syzop | ||
| Priority | normal | Severity | major | Reproducibility | always |
| Status | closed | Resolution | no change required | ||
| Platform | Linux | OS | CentOS | OS Version | 7.9.2009 |
| Product Version | 6.1.9.1 | ||||
| Summary | 0006485: Unknown cipher in list: ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256 | ||||
| Description | UnrealIRCd 6.1.9.1, upgraded from 6.1.8.1 using ./unrealircd upgrade, is encountering the error message: Unknown cipher in list: ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256 This is presenting for remote includes to an https:// address. This is only impacting some systems. | ||||
| Steps To Reproduce | Compile IRCd Start IRCd with Remote Includes -- Failure to start Existing IRCd Rehash IRCD with Remote Includes -- Error message and "using a cached copy"/ | ||||
| Additional Information | unrealircd_version UnrealIRCd-6.1.9.1 libssl_version OpenSSL 1.0.2k-fips 26 Jan 2017 libsodium_version 1.0.20 libcurl_version libcurl/7.29.0 NSS/3.90 zlib/1.2.7 libidn/1.28 libssh2/1.8.0 libcares_version 1.34.3 libpcre2_version PCRE2 10.44 2024-06-07 libjansson 2.14 | ||||
| Tags | /rehash | ||||
| 3rd party modules | None | ||||
|
|
Thanks for the report. And very helpful you included the /VERSION info, since it showed that libcurl was compiled with NSS. I guess it must be something related to that hmm. Hmm the libssl version of 26 jan 2017 got me thinking... is this quite an outdated distro? Or is this something that is more common / up to date that is still in use? Also, just so you know: in ./Config since UnrealIRCd 6 you no longer need to enable CURL if all you need is https:// support. If you answer "No" that question it will use the built-in unrealircd https handler. If you need anything else, like insecure http, ftp, etc.. then you will still need to answer Yes though, and cURL will be used. So if you only use https then this would be a good workaround :) |
|
|
I googled a bit more and I think this is CentOS 7.9, right? Seems active support ended 4 years ago and security support 5 months ago, according to https://endoflife.date/centos (also has a yellow warning with "CentOS Linux has been discontinued and is not safe to use anymore") Other than that, see previous comment for a workaround that may work for you (the ./Config thing) :) |
|
|
This is CentOS 7.9, yes. Box admin refuses to update (too much work or them to do it). When I upgraded, I used the ./unrealircd upgrade script -- I thought it removed the direct 'Yes' to Remote Includes. I'll re-compile it now and see if that is causing the problem. If it is, then I deserve a *facepalm*... Follow-up is coming shortly. |
|
|
This can now be marked as Resolved. This issue was with third-party CURL used for non-SSL connections; however, all connections being used with Remote Includes are secure. I recompiled the base with 'Remote Includes' set to No to prevent local curl installation and restarted IRCd without issue. --- Issue Identified: Remote Includes is set to Yes in the original installation, but it is no longer required. ./unrealircd upgrade does not change the original compilation settings. |
|
|
Great :) |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2024-11-27 01:09 | Who-m3 | New Issue | |
| 2024-11-27 01:09 | Who-m3 | Tag Attached: /rehash | |
| 2024-11-27 15:55 | syzop | Note Added: 0023402 | |
| 2024-11-27 15:55 | syzop | Assigned To | => syzop |
| 2024-11-27 15:55 | syzop | Status | new => feedback |
| 2024-11-27 15:59 | syzop | Note Added: 0023403 | |
| 2024-11-28 13:52 | Who-m3 | Note Added: 0023404 | |
| 2024-11-28 14:00 | Who-m3 | Note Added: 0023405 | |
| 2024-11-28 16:28 | syzop | Status | feedback => closed |
| 2024-11-28 16:28 | syzop | Resolution | open => no change required |
| 2024-11-28 16:28 | syzop | Note Added: 0023406 |
