mirror of
https://github.com/osmarks/ngircd.git
synced 2025-09-05 12:17:56 +00:00
TLS/SSL support: documentation.
This commit is contained in:
Florian Westphal
29
doc/SSL.txt
29
doc/SSL.txt
@@ -10,9 +10,31 @@
|
||||
-- SSL.txt --
|
||||
|
||||
|
||||
ngIRCd actually doesn't support secure connections for client-server or
|
||||
server-server links using SSL, the Secure Socket Layer, by itself. But you can
|
||||
use the stunnel(8) command to make this work.
|
||||
ngIRCd supports SSL/TLSv1 encrypted connections using the
|
||||
OpenSSL or gnutls library.
|
||||
Both encryped server <-> client and server <-> server links should work.
|
||||
|
||||
BEWARE! The Code is mostly untested, use at your own risk!
|
||||
|
||||
Example that creates a self-signed certificate and key (using OpenSSL):
|
||||
openssl req -newkey rsa:2048 -x509 -keyout server-key.pem \
|
||||
-out server-cert.pem -days 1461
|
||||
|
||||
Example that creates DH parameters (optional):
|
||||
openssl dhparam -2 -out dhparams.pem 2048
|
||||
|
||||
Example that creates a self-signed certificate
|
||||
and key (using gnutls):
|
||||
|
||||
certtool --generate-privkey --bits 2048 --outfile server-key.pem
|
||||
certtool --generate-self-signed --load-privkey server-key.pem \
|
||||
--outfile server-cert.pem
|
||||
|
||||
Example that creates DH parameters (optional):
|
||||
certtool --generate-dh-params --bits 2048 --outfile dhparams.pem
|
||||
|
||||
Alternatively, you may use external programs/tools like stunnel to
|
||||
make it work:
|
||||
|
||||
<http://stunnel.mirt.net/>
|
||||
<http://www.stunnel.org/>
|
||||
@@ -51,7 +73,6 @@ short "how-to", thanks Stefan!
|
||||
=== snip ===
|
||||
|
||||
|
||||
Probably ngIRCd will include support for SSL in the future ...
|
||||
|
||||
|
||||
--
|
||||
|
||||
@@ -13,6 +13,8 @@
|
||||
# Use "ngircd --configtest" (see manual page ngircd(8)) to validate that the
|
||||
# server interprets the configuration file as expected!
|
||||
#
|
||||
# Please see ngircd.conf(5) for a complete list of configuration options.
|
||||
#
|
||||
|
||||
[Global]
|
||||
# The [Global] section of this file is used to define the main
|
||||
@@ -40,6 +42,21 @@
|
||||
# one port, separated with ",". (Default: 6667)
|
||||
;Ports = 6667, 6668, 6669
|
||||
|
||||
# Additional Listen Ports that expect SSL/TLS encrypted connections
|
||||
;SSLPorts = 9999,6668
|
||||
|
||||
# SSL Server Key
|
||||
;SSLKeyFile = /usr/local/etc/ngircd/ssl/server-key.pem
|
||||
|
||||
# password to decrypt SSLKeyFile (OpenSSL only)
|
||||
;SSLKeyFilePassword = secret
|
||||
|
||||
# SSL Server Key Certificate
|
||||
;SSLCertFile = /usr/local/etc/ngircd/ssl/server-cert.pem
|
||||
|
||||
# Diffie-Hellman parameters
|
||||
;SSLDHFile = /usr/local/etc/ngircd/ssl/dhparams.pem
|
||||
|
||||
# comma seperated list of IP addresses on which the server should
|
||||
# listen. Default values are:
|
||||
# "0.0.0.0" or (if compiled with IPv6 support) "::,0.0.0.0"
|
||||
@@ -158,7 +175,7 @@
|
||||
# IRC name of the remote server, must match the "Name" variable in
|
||||
# the [Global] section of the other server (when using ngIRCd).
|
||||
;Name = irc2.the.net
|
||||
|
||||
|
||||
# Internet host name or IP address of the peer (only required when
|
||||
# this server should establish the connection).
|
||||
;Host = connect-to-host.the.net
|
||||
@@ -189,6 +206,9 @@
|
||||
# this specific server later.
|
||||
;Passive = no
|
||||
|
||||
# Connect to the remote server using TLS/SSL (Default: false)
|
||||
; SSLConnect = yes
|
||||
|
||||
[Server]
|
||||
# More [Server] sections, if you like ...
|
||||
|
||||
|
||||
Reference in New Issue
Block a user