Set default ECDH(E) curves to be X25519:secp521r1:secp384r1:prime256v1 with

the following remarks:
* We only set these curves if SSL_CTX_set1_curves_list() is available
  (OpenSSL 1.0.2 or later, LibreSSL 2.5.1 or later)
* The X25519 curve is only added if it is available (OpenSSL 1.1.0+)

diff --git a/include/config.h b/include/config.h
index 858db4bc17d85faa064f56297237fb1b47ce56c0..1de804478f2adefb5f689e92466c0526631c68cb 100644 (file)
--- a/include/config.h
+++ b/include/config.h
@@ -318,6 +318,17 @@
  */
 #define UNREALIRCD_DEFAULT_CIPHERS "TLS13-CHACHA20-POLY1305-SHA256 TLS13-AES-128-GCM-SHA256 TLS13-AES-256-GCM-SHA384 EECDH+CHACHA20 EECDH+AESGCM EECDH+AES AES128-GCM-SHA256 AES256-GCM-SHA384 AES128-SHA256 AES256-SHA256 AES128-SHA AES256-SHA"
 
+/* Default SSL/TLS curves for ECDH(E)
+ * This can be changed via set::ssl::options::ecdh-curve in the config file.
+ * NOTE: This requires openssl 1.0.2 or newer, otherwise these defaults
+ *       are not applied, due to the missing openssl API call.
+ */
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#define UNREALIRCD_DEFAULT_ECDH_CURVES "X25519:secp521r1:secp384r1:prime256v1"
+#else
+#define UNREALIRCD_DEFAULT_ECDH_CURVES "secp521r1:secp384r1:prime256v1"
+#endif
+
 /* ------------------------- END CONFIGURATION SECTION -------------------- */
 #define MOTD MPATH
 #define RULES RPATH

diff --git a/src/s_conf.c b/src/s_conf.c
index 160250b8e88600e56dac1ceead9031526ce6b95a..841866611c71d73fec2be9579693c521efef02dd 100644 (file)
--- a/src/s_conf.c
+++ b/src/s_conf.c
@@ -1506,6 +1506,9 @@ void config_setdefaultsettings(aConfiguration *i)
        i->ssl_options->trusted_ca_file = strdup(tmp);
        i->ssl_options->ciphers = strdup(UNREALIRCD_DEFAULT_CIPHERS);
        i->ssl_options->protocols = SSL_PROTOCOL_ALL;
+#ifdef HAS_SSL_CTX_SET1_CURVES_LIST
+       i->ssl_options->ecdh_curves = strdup(UNREALIRCD_DEFAULT_ECDH_CURVES);
+#endif
 
        i->plaintext_policy_user = PLAINTEXT_POLICY_ALLOW;
        i->plaintext_policy_oper = PLAINTEXT_POLICY_WARN;
@@ -7224,6 +7227,7 @@ void conf_sslblock(ConfigFile *conf, ConfigEntry *cep, SSLOptions *ssloptions)
                safestrdup(ssloptions->trusted_ca_file, tempiConf.ssl_options->trusted_ca_file);
                ssloptions->protocols = tempiConf.ssl_options->protocols;
                safestrdup(ssloptions->ciphers, tempiConf.ssl_options->ciphers);
+               safestrdup(ssloptions->ecdh_curves, tempiConf.ssl_options->ecdh_curves);
                ssloptions->options = tempiConf.ssl_options->options;
                ssloptions->renegotiate_bytes = tempiConf.ssl_options->renegotiate_bytes;
                ssloptions->renegotiate_timeout = tempiConf.ssl_options->renegotiate_timeout;

diff --git a/src/ssl.c b/src/ssl.c
index 85e7be898140749e3e05eb62edd24513cfa50391..094cfa777b65c21294b291aac8498224a2e58a2c 100644 (file)
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -389,7 +389,7 @@ SSL_CTX *init_ctx(SSLOptions *ssloptions, int server)
 #ifdef HAS_SSL_CTX_SET1_CURVES_LIST
                        if (!SSL_CTX_set1_curves_list(ctx, ssloptions->ecdh_curves))
                        {
-                               config_warn("Failed to set ecdh-curves '%s'. "
+                               config_warn("Failed to apply ecdh-curves '%s'. "
                                            "To get a list of supported curves with the "
                                            "appropriate names, run "
                                            "'openssl ecparam -list_curves' on the server. "
@@ -408,7 +408,10 @@ SSL_CTX *init_ctx(SSLOptions *ssloptions, int server)
                        goto fail;
 #endif
                } else {
-                       /* Not specified by user. Set some good default */
+                       /* Set some good default (note that usually we don't get here
+                        * because ssloptions->ecdh_curves is typically set, either
+                        * via config_setdefaultsettings or by the user).
+                        */
 #if defined(SSL_CTX_set_ecdh_auto)
                        SSL_CTX_set_ecdh_auto(ctx, 1);
 #elif OPENSSL_VERSION_NUMBER < 0x10100000L