- SSL IRC
- IPv6 works as well.
- SSL botnet Linking
- Currently requires
ssl.pem
file - Replaces old ghost protocol (custom AES). This makes the connection much more secure.
- SSL partyline
- No extra ports needed
openssl s_client -starttls pop3 -connect host:port
STLS
orSTARTTLS
as a username, then the client should initiate handshake.
- DH params builtin (512, 1024, 2048) for better key exchanges
- Store fingerprint in userfile via
chfingerprint
- Support fingerprint when adding a bot:
.newleaf bot fingerprint hosts
- Store fingerprint for hubs in pack.cfg on HUB lines
- Fingerprint verification
- verify fingerprints of connecting peers
- verify fingerprint of hubs/localhubs
- store private key and cert in binary
- Creating a new bot should generate a private key / cert and store it.
- support user certs on telnet to bypass password
- Ability to override SSL Ciphers
- Default:
HIGH:!MEDIUM:!LOW:!EXP:!SSLv2:!ADH:!aNULL:!eNULL:!NULL:@STRENGTH
- Override libssl location
- libssl CRC checks