View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0006500 | unreal | ircd | public | 2025-02-26 20:14 | 2025-02-26 20:14 |
| Reporter | rafaelgrether | Assigned To | |||
| Priority | low | Severity | feature | Reproducibility | always |
| Status | new | Resolution | open | ||
| Product Version | 6.1.10-rc1 | ||||
| Summary | 0006500: Improve set::best-practices adding only-tls-port directive. | ||||
| Description | Hey guys, Today, nearly all IRC clients support TLS. Almost all types of communication nowadays run over a TLS tunnel, and using an insecure plaintext port doesn't seem to make much sense from a security standpoint. So I suggest add the directive only-tls-port (or another suggestive name) inside the set::best-practices block, to warn when a listen {} block doesn't have options { tls; } defined. I think that nowadays, the use of TLS should be a standard to be adopted. Thinking about that, I also suggest leaving the listen{} on port 6667 commented out in the example.conf. Thanks! Sugestive examples: /* Standard IRC port 6667 * Insecure plaintext - Not Recommended */ //listen { // ip *; // port 6667; //} set { best-practices { /* Warn when an oper::password is plaintext in the config (not hashed). * At a later time it may also warn about plaintext passwords elsewhere. */ hashed-passwords yes; /* Warn when a listen {} block doesn't have options { tls; } * due to insecure plaintext. */ only-tls-port yes; } } | ||||
| Tags | No tags attached. | ||||
| 3rd party modules | |||||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2025-02-26 20:14 | rafaelgrether | New Issue |
