Merge branch 'unrealircd:unreal60_dev' into piss60

doc/RELEASE-NOTES.md

@@ -15,6 +15,18 @@ If you want a stable IRCd, download 6.0.4 or upgrade to it via `./unrealircd upg
 * [JSON-RPC](https://www.unrealircd.org/docs/JSON-RPC) API for UnrealIRCd.
   This is work in progress.
 
+### Changes:
+* SSL/TLS: By default we now require TLSv1.2 or later and a modern cipher
+  with forward secrecy. Otherwise the connection is refused.
+  * Since UnrealIRCd 4.2.2 (March 2019) users see an on-connect notice with
+    a warning when they use an outdated TLS protocol or cipher that does not
+    meet these requirements.
+  * This move also reflects the phase out of TLSv1.2 that happened in
+    browsers in 2020/2021.
+  * If you want to revert back to the previous less secure settings, then
+    look under ''Previous less secure setting'' in
+    [TLS Ciphers and protocols](https://www.unrealircd.org/docs/TLS_Ciphers_and_protocols).
+
 UnrealIRCd 6.0.4.2
 -------------------
 Another small update to 6.0.4.x:

extras/build-tests/nix/build

@@ -48,8 +48,8 @@ fi
 $MAKE
 yes ''|$MAKE pem
 $MAKE || exit 1
-./unrealircd module install third/dumpcmds
 $MAKE install || exit 1
+./unrealircd module install third/dumpcmds || exit 1
 
 set +x
 echo ""

extras/tests/tls/cipherscan_profiles/baseline.txt

@@ -1,12 +1,10 @@
 Target: 127.0.0.1:5901
 
-prio  ciphersuite                    protocols              pfs                 curves
-1     ECDHE-ECDSA-AES256-GCM-SHA384  TLSv1.2                ECDH,P-521,521bits  secp521r1,secp384r1
-2     ECDHE-ECDSA-AES128-GCM-SHA256  TLSv1.2                ECDH,P-521,521bits  secp521r1,secp384r1
-3     ECDHE-ECDSA-AES256-SHA384      TLSv1.2                ECDH,P-521,521bits  secp521r1,secp384r1
-4     ECDHE-ECDSA-AES128-SHA256      TLSv1.2                ECDH,P-521,521bits  secp521r1,secp384r1
-5     ECDHE-ECDSA-AES256-SHA         TLSv1,TLSv1.1,TLSv1.2  ECDH,P-521,521bits  secp521r1,secp384r1
-6     ECDHE-ECDSA-AES128-SHA         TLSv1,TLSv1.1,TLSv1.2  ECDH,P-521,521bits  secp521r1,secp384r1
+prio  ciphersuite                    protocols  pfs                 curves
+1     ECDHE-ECDSA-AES256-GCM-SHA384  TLSv1.2    ECDH,P-521,521bits  secp521r1,secp384r1
+2     ECDHE-ECDSA-AES128-GCM-SHA256  TLSv1.2    ECDH,P-521,521bits  secp521r1,secp384r1
+3     ECDHE-ECDSA-AES256-SHA384      TLSv1.2    ECDH,P-521,521bits  secp521r1,secp384r1
+4     ECDHE-ECDSA-AES128-SHA256      TLSv1.2    ECDH,P-521,521bits  secp521r1,secp384r1
 
 Certificate: untrusted, 384 bits, ecdsa-with-SHA256 signature
 TLS ticket lifetime hint: None
@@ -20,8 +18,8 @@ TLS Tolerance: yes
 
 Intolerance to:
  SSL 3.254           : absent
- TLS 1.0             : absent
- TLS 1.1             : absent
+ TLS 1.0             : PRESENT
+ TLS 1.1             : PRESENT
  TLS 1.2             : absent
  TLS 1.3             : absent
  TLS 1.4             : absent

extras/tests/tls/cipherscan_profiles/openssl-101.txt

@@ -1,27 +0,0 @@
-Target: 127.0.0.1:5901
-
-prio  ciphersuite                    protocols              pfs                 curves
-1     ECDHE-ECDSA-AES256-GCM-SHA384  TLSv1.2                ECDH,P-256,256bits  prime256v1
-2     ECDHE-ECDSA-AES128-GCM-SHA256  TLSv1.2                ECDH,P-256,256bits  prime256v1
-3     ECDHE-ECDSA-AES256-SHA384      TLSv1.2                ECDH,P-256,256bits  prime256v1
-4     ECDHE-ECDSA-AES256-SHA         TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits  prime256v1
-5     ECDHE-ECDSA-AES128-SHA256      TLSv1.2                ECDH,P-256,256bits  prime256v1
-6     ECDHE-ECDSA-AES128-SHA         TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits  prime256v1
-
-Certificate: untrusted, 384 bits, ecdsa-with-SHA256 signature
-TLS ticket lifetime hint: None
-NPN protocols: None
-OCSP stapling: not supported
-Cipher ordering: server
-Curves ordering: server - fallback: no
-Server supports secure renegotiation
-Server supported compression methods: NONE
-TLS Tolerance: yes
-
-Intolerance to:
- SSL 3.254           : absent
- TLS 1.0             : absent
- TLS 1.1             : absent
- TLS 1.2             : absent
- TLS 1.3             : absent
- TLS 1.4             : absent

extras/tests/tls/cipherscan_profiles/openssl-102-ubuntu16.txt

@@ -1,27 +0,0 @@
-Target: 127.0.0.1:5901
-
-prio  ciphersuite                    protocols              pfs                 curves
-1     ECDHE-ECDSA-AES256-GCM-SHA384  TLSv1.2                ECDH,P-521,521bits  secp521r1,secp384r1
-2     ECDHE-ECDSA-AES128-GCM-SHA256  TLSv1.2                ECDH,P-521,521bits  secp521r1,secp384r1
-3     ECDHE-ECDSA-AES256-SHA384      TLSv1.2                ECDH,P-521,521bits  secp521r1,secp384r1
-4     ECDHE-ECDSA-AES256-SHA         TLSv1,TLSv1.1,TLSv1.2  ECDH,P-521,521bits  secp521r1,secp384r1
-5     ECDHE-ECDSA-AES128-SHA256      TLSv1.2                ECDH,P-521,521bits  secp521r1,secp384r1
-6     ECDHE-ECDSA-AES128-SHA         TLSv1,TLSv1.1,TLSv1.2  ECDH,P-521,521bits  secp521r1,secp384r1
-
-Certificate: untrusted, 384 bits, ecdsa-with-SHA256 signature
-TLS ticket lifetime hint: None
-NPN protocols: None
-OCSP stapling: not supported
-Cipher ordering: server
-Curves ordering: server - fallback: no
-Server supports secure renegotiation
-Server supported compression methods: NONE
-TLS Tolerance: yes
-
-Intolerance to:
- SSL 3.254           : absent
- TLS 1.0             : absent
- TLS 1.1             : absent
- TLS 1.2             : absent
- TLS 1.3             : absent
- TLS 1.4             : absent

extras/tests/tls/cipherscan_profiles/openssl-300.txt

@@ -1,27 +0,0 @@
-Target: 127.0.0.1:5901
-
-prio  ciphersuite                    protocols  pfs                 curves
-1     ECDHE-ECDSA-AES256-GCM-SHA384  TLSv1.2    ECDH,P-521,521bits  secp521r1,secp384r1
-2     ECDHE-ECDSA-AES128-GCM-SHA256  TLSv1.2    ECDH,P-521,521bits  secp521r1,secp384r1
-3     ECDHE-ECDSA-AES256-SHA384      TLSv1.2    ECDH,P-521,521bits  secp521r1,secp384r1
-4     ECDHE-ECDSA-AES128-SHA256      TLSv1.2    ECDH,P-521,521bits  secp521r1,secp384r1
-5     ECDHE-ECDSA-AES256-SHA         TLSv1.2    ECDH,P-521,521bits  secp521r1,secp384r1
-6     ECDHE-ECDSA-AES128-SHA         TLSv1.2    ECDH,P-521,521bits  secp521r1,secp384r1
-
-Certificate: untrusted, 384 bits, ecdsa-with-SHA256 signature
-TLS ticket lifetime hint: None
-NPN protocols: None
-OCSP stapling: not supported
-Cipher ordering: server
-Curves ordering: server - fallback: no
-Server supports secure renegotiation
-Server supported compression methods: NONE
-TLS Tolerance: yes
-
-Intolerance to:
- SSL 3.254           : absent
- TLS 1.0             : PRESENT
- TLS 1.1             : PRESENT
- TLS 1.2             : absent
- TLS 1.3             : absent
- TLS 1.4             : absent

include/config.h

@@ -275,7 +275,7 @@
 /* Default TLS cipherlist (except for TLS1.3, see further down).
  * This can be changed via set::ssl::options::ciphers in the config file.
  */
-#define UNREALIRCD_DEFAULT_CIPHERS "TLS13-CHACHA20-POLY1305-SHA256 TLS13-AES-256-GCM-SHA384 TLS13-AES-128-GCM-SHA256 EECDH+CHACHA20 EECDH+AESGCM EECDH+AES AES256-GCM-SHA384 AES128-GCM-SHA256 AES256-SHA256 AES128-SHA256 AES256-SHA AES128-SHA"
+#define UNREALIRCD_DEFAULT_CIPHERS "EECDH+CHACHA20 EECDH+AESGCM EECDH+AES+SHA384 EECDH+AES+SHA256"
 
 /* Default TLS 1.3 ciphersuites.
  * This can be changed via set::ssl::options::ciphersuites in the config file.

src/conf.c

@@ -1733,7 +1733,7 @@ void config_setdefaultsettings(Configuration *i)
 	safe_strdup(i->tls_options->trusted_ca_file, tmp);
 	safe_strdup(i->tls_options->ciphers, UNREALIRCD_DEFAULT_CIPHERS);
 	safe_strdup(i->tls_options->ciphersuites, UNREALIRCD_DEFAULT_CIPHERSUITES);
-	i->tls_options->protocols = TLS_PROTOCOL_ALL;
+	i->tls_options->protocols = TLS_PROTOCOL_TLSV1_2|TLS_PROTOCOL_TLSV1_3; /* TLSv1.2 & TLSv1.3 */
 #ifdef HAS_SSL_CTX_SET1_CURVES_LIST
 	safe_strdup(i->tls_options->ecdh_curves, UNREALIRCD_DEFAULT_ECDH_CURVES);
 #endif

src/tls.c

@@ -215,7 +215,7 @@ void disable_ssl_protocols(SSL_CTX *ctx, TLSOptions *tlsoptions)
 	if ((tlsoptions->protocols & TLS_PROTOCOL_TLSV1) ||
 	    (tlsoptions->protocols & TLS_PROTOCOL_TLSV1_1))
 	{
-		SSL_CTX_set_security_level(ctx, 1);
+		SSL_CTX_set_security_level(ctx, 0);
 	}
 #endif