Libera-Chat / libera-chat.github.io

The website of Libera Chat, providing documentation and news
https://libera.chat
MIT License

Support obsolete TLS versions #12

Closed KOLANICH closed 3 years ago

KOLANICH commented 3 years ago

Old Android phones (KitKat) have neither non-vulnerable versions of OpenSSL nor versions supporting TLS 1.2 and 1.3 (though even TLS 1.1 is OK; the protocol is not vulnerable itself, just deprecated by the standardizing bodies). Rebuilding my own OpenSSL and replacing the system one is also not an option - the JNI wrapper is coupled too tightly to the OpenSSL version in use, and replacing it would make the wrapper non-functional (at least I haven't succeeded with that). Rebuilding the whole userspace, as you may guess, is infeasible - the Android build system is intentionally made such a shit to allow mostly only Googlag and other major corporations to modify Googlag-owned OS.

michaelortmann commented 3 years ago

Not vulnerable? TLS 1.1 lacks perfect forward secrecy.

KOLANICH commented 3 years ago

> TLS 1.1 lacks perfect forward secrecy.

It is not true. It has DHE ciphersuites. What it doesn't have, is GCM ciphersuites.

edk0 commented 3 years ago

Paging our resident TLS ciphersuite enthusiast @aaronmdjones -- my gut feeling is that we could enable TLSv1.1 with ciphersuites that are deemed relatively secure; IIUC there's no generally applicable 1.2+ to 1.1 downgrade attack and I don't really want to leave users with older devices in the cold. Thoughts?

aaronmdjones commented 3 years ago

I don't see a reason to not enable TLS 1.1 but I would like to only enable AEAD suites in that case.

aaronmdjones commented 3 years ago

Er, I was clearly too tired when I wrote that. I mean PFS suites.

chron0 commented 3 years ago

Still can't connect with weechat - it's great to have an A+ ssllabs grade on your cipher selection but when people are confronted with the option of going plaintext or being shunned out I don't see the benefit of libera at all... because I won't go plaintext and I can't easily upgrade the client I have on my box. And it works with EVERY other irc network out there :/

aaronmdjones commented 3 years ago

WeeChat uses GNUTLS, and GNUTLS has supported TLSv1.2 as a client since September 2009. It's one thing to not be able to access the service because of a configuration issue, but quite another to be using a client library that is at least 11 years out of date and expect things to still work.

Likewise, we do not currently support Internet Explorer version 6, which is of the same vintage.

chron0 commented 3 years ago

Not quite sure wtf u are talking about... Weechat Version 2.4 (2019-02-17)

bigpresh commented 3 years ago

It's the version of the GNUTLS (libgnutls) library which matters, as Weechat just uses that for TLS operations, it doesn't implement TLS code itself (naturally, because that would be silly!).

On Debian-like systems, you could check the version you have with something like sudo apt show libgnutls* | grep Version

From a skim of https://gitlab.com/gnutls/gnutls/blob/master/NEWS you probably want at least Version 2.9.4 (released 2009-09-03)

chron0 commented 3 years ago

ldd /usr/bin/weechat
        linux-vdso.so.1 =>  (0x00007ffd64547000)
        libgcrypt.so.20 => /lib/x86_64-linux-gnu/libgcrypt.so.20 (0x00007fa1c16a8000)
        libgnutls.so.30 => /usr/lib/x86_64-linux-gnu/libgnutls.so.30 (0x00007fa1c1378000)
dpkg -S libgnutls.so.30
libgnutls30:amd64: /usr/lib/x86_64-linux-gnu/libgnutls.so.30.6.2
libgnutls30:amd64: /usr/lib/x86_64-linux-gnu/libgnutls.so.30
apt show libgnutls* | grep Version
Version: 3.4.10-4ubuntu1.8

none of which is the point. The point is that this client can clearly do reasonable TLS connections to EVERY other IRC network out there, EXCEPT Libera. Don't waste time "fixing" my client - fix your network. I can hack around this shit, but there are many people out there being shunned out - which is kinda bad at a time where you actually want to get people over to Libera from Leenode, duuuh....

aaronmdjones commented 3 years ago

Have you done something like set irc.server_default.ssl_priorities to a value that excludes modern TLS protocols? The default is to enable all TLS protocols, and disable all SSL protocols.

chron0 commented 3 years ago

Yeap, I tried that as well, default is: 'NORMAL:-VERS-SSL3.0' - I've run testssl.sh against libera and freenode to find the differences and try with other combos, no case worked.

Browser                      Protocol  Cipher Suite Name (OpenSSL)       Forward Secrecy
------------------------------------------------------------------------------------------------
 Android 4.4.2                No connection
 Android 5.0.0                No connection
 Android 6.0                  No connection
 Android 7.0 (native)         No connection
 Android 8.1 (native)         No connection
 Android 9.0 (native)         No connection
 Android 10.0 (native)        No connection
 Chrome 74 (Win 10)           No connection
 Chrome 79 (Win 10)           No connection
 Firefox 66 (Win 8.1/10)      No connection
 Firefox 71 (Win 10)          No connection
 IE 6 XP                      No connection
 IE 8 Win 7                   No connection
 IE 8 XP                      No connection
 IE 11 Win 7                  TLSv1.2   DHE-RSA-AES256-GCM-SHA384         2048 bit DH  
 IE 11 Win 8.1                TLSv1.2   DHE-RSA-AES256-GCM-SHA384         2048 bit DH  
 IE 11 Win Phone 8.1          TLSv1.2   ECDHE-RSA-AES128-SHA256           256 bit ECDH (P-256)
 IE 11 Win 10                 TLSv1.2   ECDHE-RSA-AES256-GCM-SHA384       256 bit ECDH (P-256)
 Edge 15 Win 10               TLSv1.2   ECDHE-RSA-AES256-GCM-SHA384       253 bit ECDH (X25519)
 Edge 17 (Win 10)             TLSv1.2   ECDHE-RSA-AES256-GCM-SHA384       253 bit ECDH (X25519)
 Opera 66 (Win 10)            TLSv1.3   TLS_AES_256_GCM_SHA384            253 bit ECDH (X25519)
 Safari 9 iOS 9               TLSv1.2   ECDHE-RSA-AES256-GCM-SHA384       256 bit ECDH (P-256)
 Safari 9 OS X 10.11          TLSv1.2   ECDHE-RSA-AES256-GCM-SHA384       256 bit ECDH (P-256)
 Safari 10 OS X 10.12         TLSv1.2   ECDHE-RSA-AES256-GCM-SHA384       256 bit ECDH (P-256)
 Safari 12.1 (iOS 12.2)       No connection
 Safari 13.0 (macOS 10.14.6)  No connection
 Apple ATS 9 iOS 9            No connection
 Java 6u45                    No connection
 Java 7u25                    No connection
 Java 8u161                   No connection
 Java 11.0.2 (OpenJDK)        No connection
 Java 12.0.1 (OpenJDK)        No connection
 OpenSSL 1.0.2e               No connection
 OpenSSL 1.1.0l (Debian)      No connection
 OpenSSL 1.1.1d (Debian)      No connection
 Thunderbird (68.3)           No connection

Browser                      Protocol  Cipher Suite Name (OpenSSL)       Forward Secrecy
------------------------------------------------------------------------------------------------
 Android 4.4.2                No connection
 Android 5.0.0                No connection
 Android 6.0                  No connection
 Android 7.0 (native)         No connection
 Android 8.1 (native)         No connection
 Android 9.0 (native)         No connection
 Android 10.0 (native)        No connection
 Chrome 74 (Win 10)           No connection
 Chrome 79 (Win 10)           No connection
 Firefox 66 (Win 8.1/10)      No connection
 Firefox 71 (Win 10)          No connection
 IE 6 XP                      No connection
 IE 8 Win 7                   No connection
 IE 8 XP                      No connection
 IE 11 Win 7                  No connection
 IE 11 Win 8.1                No connection
 IE 11 Win Phone 8.1          No connection
 IE 11 Win 10                 No connection
 Edge 15 Win 10               No connection
 Edge 17 (Win 10)             No connection
 Opera 66 (Win 10)            No connection
 Safari 9 iOS 9               No connection
 Safari 9 OS X 10.11          No connection
 Safari 10 OS X 10.12         No connection
 Safari 12.1 (iOS 12.2)       No connection
 Safari 13.0 (macOS 10.14.6)  TLSv1.3   TLS_AES_256_GCM_SHA384            253 bit ECDH (X25519)
 Apple ATS 9 iOS 9            TLSv1.2   ECDHE-ECDSA-AES256-GCM-SHA384     521 bit ECDH (P-521)
 Java 6u45                    No connection
 Java 7u25                    No connection
 Java 8u161                   TLSv1.2   ECDHE-ECDSA-AES256-GCM-SHA384     521 bit ECDH (P-521)
 Java 11.0.2 (OpenJDK)        TLSv1.3   TLS_AES_256_GCM_SHA384            256 bit ECDH (P-256)
 Java 12.0.1 (OpenJDK)        TLSv1.3   TLS_AES_256_GCM_SHA384            256 bit ECDH (P-256)
 OpenSSL 1.0.2e               TLSv1.2   ECDHE-ECDSA-AES256-GCM-SHA384     521 bit ECDH (P-521)
 OpenSSL 1.1.0l (Debian)      TLSv1.2   ECDHE-ECDSA-CHACHA20-POLY1305     253 bit ECDH (X25519)
 OpenSSL 1.1.1d (Debian)      TLSv1.3   TLS_AES_256_GCM_SHA384            253 bit ECDH (X25519)
 Thunderbird (68.3)           TLSv1.3   TLS_AES_256_GCM_SHA384            253 bit ECDH (X25519)

In a different testcase with the exact same gnutls lib version but weechat 3.1 it connects - so it doesn't seem to be linked to gnutls but weechat version actually. Weechat isn't really verbose about the error, only reporting "TLS Handshake errors" :/

In any case - none of this matters if the people that can connect with their daily setup to other networks won't be able to connect to libera. A+ grade on cipher selection is nice for the ego mantle but no way to grow a network if people won't be able to use it. Freenode, OFTC, Rizon, Darkfasel and other even more obscure networks are no problem to use with the older weechat version. If you still want to shift blame to clients and stick to cipher glory, I really see no point in continuing here.

chron0 commented 3 years ago

Just case in point: when I went to #libera I was recommended to do:

irc.server.LIBERA.addresses "irc.libera.chat 6697" 

instead of "irc.libera.chat/6697" as "this worked" for the one recommending it, since he couldn't connect either before he did that.

I doubted that as a "solution" very much, so I made him verify if he actually was secured or if that port after the space was ignored now and he was actually connecting plain, as it fell back to the default port: which was the case. So the hunt for "muh security" actually made people go plain without even realizing it.
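A check for the address form described in the comment above, as an added example that is not part of the original post: it flags `addresses` entries not written as `host/port` and servers where `ssl` is not on, and reports the endpoint each entry would effectively use. The option lines are constructed, the function names are hypothetical, and both the fallback port 6667 and treating an unset `ssl` option as off are assumptions.

```python
import re

DEFAULT_PORT = 6667  # assumption: plaintext IRC port used when no port is parsed

# Constructed sample, in the `option "value"` form quoted in the comment above.
SAMPLE = '''\
irc.server.LIBERA.addresses "irc.libera.chat 6697"
irc.server.GOOD.addresses "irc.example.net/6697"
irc.server.GOOD.ssl on
irc.server.MIXED.addresses "irc.example.org/6697,irc.example.org"
irc.server.MIXED.ssl on
'''

OPTION = re.compile(r'irc\.server\.([^.\s]+)\.(addresses|ssl)\s+"?([^"]*?)"?$')
ENTRY = re.compile(r"([^\s/]+)/(\d{1,5})")  # the only form accepted as host/port


def parse_options(text):
    """Collect {server: {"addresses": ..., "ssl": ...}} from option lines."""
    servers = {}
    for line in text.splitlines():
        m = OPTION.match(line.strip())
        if m:
            name, key, value = m.groups()
            servers.setdefault(name, {})[key] = value
    return servers


def audit(text):
    """Return (server, effective endpoint, issue) for every risky address entry."""
    findings = []
    for name, opts in sorted(parse_options(text).items()):
        tls = opts.get("ssl", "off") == "on"  # assumption: unset means off
        for entry in opts.get("addresses", "").split(","):
            entry = entry.strip()
            if not entry:
                continue
            m = ENTRY.fullmatch(entry)
            if m:
                host, port = m.group(1), int(m.group(2))
            else:
                # Port missing or separated by a space: assume it is ignored.
                host, port = re.split(r"[\s/]", entry)[0], DEFAULT_PORT
                findings.append((name, f"{host}:{port}", "malformed-address"))
            if not tls:
                findings.append((name, f"{host}:{port}", "plaintext"))
    return findings


if __name__ == "__main__":
    for server, endpoint, issue in audit(SAMPLE):
        print(f"{server:8} {endpoint:24} {issue}")
```
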

aaronmdjones commented 3 years ago

I just don't understand then; I'm connected to Libera with WeeChat right now, and have been able to since day 1.

Likewise, openssl s_client can connect with TLSv1.2 just fine:

$ openssl s_client -connect irc.libera.chat:6697 -tls1_2
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = platinum.libera.chat
verify return:1
---
Certificate chain
 0 s:CN = platinum.libera.chat
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
Server certificate
subject=CN = platinum.libera.chat

issuer=C = US, O = Let's Encrypt, CN = R3

---
No client certificate CA names sent
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512
Shared Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 4334 bytes and written 309 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-ECDSA-CHACHA20-POLY1305
Server public key is 384 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-ECDSA-CHACHA20-POLY1305
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 64558D9FB5D8AA7136C42D96259F74F82420230F9F4081BA3C4F21D7B21AC1315E0E34855AC55609456B7D4D6337259C
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1622209065
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: yes
---
:platinum.libera.chat NOTICE * :*** Checking Ident
:platinum.libera.chat NOTICE * :*** Looking up your hostname...
^C

aaronmdjones commented 3 years ago

Bear in mind that if you hit the same server lots of times without completing client registration, it is liable to lock you out for exceeding the throttle limit, and then if you keep connecting to it, you will get a pseudo tdline which will respond with a plaintext error message even to a TLS port (because the whole point is to reduce the load from abusive clients as much as possible, so negotiating TLS would defeat the point).

A script such as used above is likely to trip that.

KOLANICH commented 3 years ago

> no way to grow a network

They are already grown enough to be free to abuse the power they have without any consequences, that's why you are here begging. If they were not grown enough, you would have just said "OK" and stopped using their network. But they are grown; it is not that they need you in their network, it is that you need yourself in it.

edk0 commented 3 years ago

I think it might be the EC certs?

aaronmdjones commented 3 years ago

Oh, could be, but GNUTLS has supported those since 2012.

edk0 commented 3 years ago

but weechat might get confused

aaronmdjones commented 3 years ago

Eh, like I said, I'm connected with WeeChat right now, and it doesn't seem much befuddled by our ECDSA certificate or my EdDSA one:

2021-05-26T11:23:30Z --- irc: connecting to server irc.libera.chat/6697 (SSL)...
2021-05-26T11:23:30Z --- gnutls: sending one certificate
2021-05-26T11:23:30Z ---  - client certificate info (/home/aaron/.weechat/certs/LiberaChat.pem):
2021-05-26T11:23:30Z ---   - subject `CN=amdj,O=LiberaChat IRC Network', issuer `CN=amdj,O=LiberaChat IRC Network', serial [...], EdDSA (Ed25519) key 256 bits, signed using EdDSA-Ed25519, [...]
2021-05-26T11:23:30Z --- gnutls: receiving 3 certificates
2021-05-26T11:23:30Z ---  - certificate[1] info:
2021-05-26T11:23:30Z ---    - subject `CN=tungsten.libera.chat', issuer `CN=R3,O=Let's Encrypt,C=US', serial 0x03c79ccb302df678c159bf9f081dc2016170, EC/ECDSA key 384 bits, signed using RSA-SHA256, activated `2021-05-21 19:21:48 UTC', expires `2021-08-19 19:21:48 UTC', pin-sha256="pmJLz2UuHB09Qi5KPiX0On1HmAsv+/JPO5/VW90TVXc="
2021-05-26T11:23:30Z ---  - certificate[2] info:
2021-05-26T11:23:30Z ---    - subject `CN=R3,O=Let's Encrypt,C=US', issuer `CN=ISRG Root X1,O=Internet Security Research Group,C=US', serial 0x00912b084acf0c18a753f6d62e25a75f5a, RSA key 2048 bits, signed using RSA-SHA256, activated `2020-09-04 00:00:00 UTC', expires `2025-09-15 16:00:00 UTC', pin-sha256="jQJTbIh0grw0/1TkHSumWb+Fs0Ggogr621gT3PvPKG0="
2021-05-26T11:23:30Z ---  - certificate[3] info:
2021-05-26T11:23:30Z ---    - subject `CN=ISRG Root X1,O=Internet Security Research Group,C=US', issuer `CN=DST Root CA X3,O=Digital Signature Trust Co.', serial 0x4001772137d4e942b8ee76aa3c640ab7, RSA key 4096 bits, signed using RSA-SHA256, activated `2021-01-20 19:14:03 UTC', expires `2024-09-30 18:14:03 UTC', pin-sha256="C5+lpZ7tcVwmwQIMcRtPbsQtWLABXhQzejna0wHFr8M="
2021-05-26T11:23:30Z --- gnutls: peer's certificate is trusted
2021-05-26T11:23:30Z --- irc: connected to irc.libera.chat/6697 (2001:6b0:e:2a18::120)

edk0 commented 3 years ago

yes, but your weechat always worked, and chron0's didn't. @chron0 - i've switched zirconium.libera.chat to rsa; could you do me a solid and try to connect to that?

chron0 commented 3 years ago

hmkay, took me a little to restore the testcase but I think I have a working negative and positive result scenario:

16:28:05       irc.libera.chat  -- | irc: connecting to server irc.libera.chat/6697 (SSL)...  
16:28:09       irc.libera.chat =!= | irc: TLS handshake failed
16:28:09       irc.libera.chat =!= | irc: error: A TLS fatal alert has been received.
16:28:09       irc.libera.chat  -- | irc: reconnecting to server in 10 seconds
16:28:19       irc.libera.chat     | irc: auto-reconnection is cancelled
16:28:19       irc.libera.chat  -- | irc: disconnected from server
16:28:38               weechat     | irc: server zirconium.libera.chat added (temporary server, NOT SAVED!)
16:28:38 zirconium.libera.chat  -- | irc: connecting to server zirconium.libera.chat/6697 (SSL)...
16:28:38 zirconium.libera.chat  -- | gnutls: connected using 2048-bit Diffie-Hellman shared secret exchange
16:28:38 zirconium.libera.chat  -- | gnutls: receiving 3 certificates
16:28:38 zirconium.libera.chat  -- |  - certificate[1] info:
16:28:38 zirconium.libera.chat  -- |    - subject `CN=zirconium.libera.chat', issuer `C=US,O=Let's Encrypt,CN=R3', RSA key 4096 bits, signed using RSA-SHA256, activated `2021-05-28 13:37:37 UTC', expires `2021-08-26 13:37:37 UTC', SHA-1 fingerprint
                                   | `5c2c4c34d0e6ddd2c4dedfeb6a9a223d4caad273'
16:28:38 zirconium.libera.chat  -- |  - certificate[2] info:
16:28:38 zirconium.libera.chat  -- |    - subject `C=US,O=Let's Encrypt,CN=R3', issuer `C=US,O=Internet Security Research Group,CN=ISRG Root X1', RSA key 2048 bits, signed using RSA-SHA256, activated `2020-09-04 00:00:00 UTC', expires `2025-09-15 16:00:00 UTC',
                                   | SHA-1 fingerprint `a053375bfe84e8b748782c7cee15827a6af5a405'
16:28:38 zirconium.libera.chat  -- |  - certificate[3] info:
16:28:38 zirconium.libera.chat  -- |    - subject `C=US,O=Internet Security Research Group,CN=ISRG Root X1', issuer `O=Digital Signature Trust Co.,CN=DST Root CA X3', RSA key 4096 bits, signed using RSA-SHA256, activated `2021-01-20 19:14:03 UTC', expires
                                   | `2024-09-30 18:14:03 UTC', SHA-1 fingerprint `933c6ddee95c9c41a40f9f50493d82be03ad87bf'
16:28:38 zirconium.libera.chat  -- | gnutls: peer's certificate is trusted
16:28:39 zirconium.libera.chat  -- | irc: connected to zirconium.libera.chat/6697 (46.16.175.175)
16:28:39 zirconium.libera.chat  -- | zirconium.libera.chat: *** Checking Ident
16:28:39 zirconium.libera.chat  -- | zirconium.libera.chat: *** Looking up your hostname...
16:28:39 zirconium.libera.chat  -- | zirconium.libera.chat: *** Found your hostname: stargazer.open-resource.org
16:28:39 zirconium.libera.chat  -- | zirconium.libera.chat: *** No Ident response
16:28:39 zirconium.libera.chat  -- | irc: nickname "root" is already in use, trying nickname "root1"
16:28:39 zirconium.libera.chat  -- | Welcome to the Libera.Chat Internet Relay Chat Network root1
16:28:39 zirconium.libera.chat  -- | Your host is zirconium.libera.chat[46.16.175.175/6697], running version solanum-1.0-dev
16:28:39 zirconium.libera.chat  -- | This server was created Wed May 19 2021 at 13:48:24 UTC
16:28:39 zirconium.libera.chat  -- | zirconium.libera.chat solanum-1.0-dev DGQRSZaghilopsuwz CFILMPQSbcefgijklmnopqrstuvz bkloveqjfI
16:28:39 zirconium.libera.chat  -- | KNOCK SAFELIST ELIST=CTU ETRACE FNC MONITOR=100 CALLERID=g WHOX CHANTYPES=# EXCEPTS INVEX CHANMODES=eIbq,k,flj,CFLMPQScgimnprstuz :are supported by this server
16:28:39 zirconium.libera.chat  -- | CHANLIMIT=#:250 PREFIX=(ov)@+ MAXLIST=bqeI:100 MODES=4 NETWORK=Libera.Chat STATUSMSG=@+ CASEMAPPING=rfc1459 NICKLEN=16 MAXNICKLEN=16 CHANNELLEN=50 TOPICLEN=390 DEAF=D :are supported by this server
16:28:39 zirconium.libera.chat  -- | TARGMAX=NAMES:1,LIST:1,KICK:1,WHOIS:1,PRIVMSG:4,NOTICE:4,ACCEPT:,MONITOR: EXTBAN=$,ajrxz CLIENTVER=3.0 :are supported by this server
16:28:39 zirconium.libera.chat  -- | There are 51 users and 22505 invisible on 21 servers
16:28:39 zirconium.libera.chat  -- | 33 :IRC Operators online
16:28:39 zirconium.libera.chat  -- | 2 :unknown connection(s)
16:28:39 zirconium.libera.chat  -- | 16461 :channels formed
16:28:39 zirconium.libera.chat  -- | I have 1488 clients and 1 servers
16:28:39 zirconium.libera.chat  -- | 1488 5569 :Current local users 1488, max 5569
16:28:39 zirconium.libera.chat  -- | 22556 22563 :Current global users 22556, max 22563
16:28:39 zirconium.libera.chat  -- | Highest connection count: 5570 (5569 clients) (24492 connections received)
16:28:39 zirconium.libera.chat  -- | - zirconium.libera.chat Message of the Day -
16:28:39 zirconium.libera.chat  -- | - This server provided by Seeweb <https://www.seeweb.it/>
16:28:39 zirconium.libera.chat  -- | - Welcome to libera.chat, the IRC network for free & open-source software
16:28:39 zirconium.libera.chat  -- | - and peer directed projects.
16:28:39 zirconium.libera.chat  -- | -
16:28:39 zirconium.libera.chat  -- | - Please visit us in #libera for questions and support.
16:28:39 zirconium.libera.chat  -- | End of /MOTD command.

so, changes on zirconium look pretty solid @edk0

chron0 commented 3 years ago

@KOLANICH dafuq? begging? srsly.... things are getting really fucked up here - I've been growing open-source shit for over 30 years and having irc com was a good portion of the game - we assisted and helped each other with issues. If you guys think i NEED libera and am begging here then i really regret even wasting a minute to test this...

edk0 commented 3 years ago

i don't know what their problem is but i appreciate the help testing, i'll reissue the other public servers today if we haven't run into LE's limit yet

chron0 commented 3 years ago

@edk0 ssl grade still a+ ok:

Start 2021-05-28 16:44:22        -->> 46.16.175.175:6697 (zirconium.libera.chat) <<--

 rDNS (46.16.175.175):   --
 Service detected:       Couldn't determine what's running on port 6697, assuming no HTTP service => skipping all HTTP checks

 Testing protocols via sockets except NPN+ALPN 

 SSLv2      not offered (OK)
 SSLv3      not offered (OK)
 TLS 1      not offered
 TLS 1.1    not offered
 TLS 1.2    offered (OK)
 TLS 1.3    offered (OK): final
 NPN/SPDY   not offered
 ALPN/HTTP2 not offered

 Testing cipher categories 

 NULL ciphers (no encryption)                      not offered (OK)
 Anonymous NULL Ciphers (no authentication)        not offered (OK)
 Export ciphers (w/o ADH+NULL)                     not offered (OK)
 LOW: 64 Bit + DES, RC[2,4], MD5 (w/o export)      not offered (OK)
 Triple DES Ciphers / IDEA                         not offered
 Obsoleted CBC ciphers (AES, ARIA etc.)            not offered
 Strong encryption (AEAD ciphers) with no FS       not offered
 Forward Secrecy strong encryption (AEAD ciphers)  not offered

 Testing server's cipher preferences 

 Has server cipher order?     Handshake error!no matching cipher in this list found (pls report this): DHE-RSA-SEED-SHA:SEED-SHA:DES-CBC3-SHA:RC4-MD5:DES-CBC-SHA:RC4-SHA:AES128-SHA:AES128-SHA256:AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-RSA-AES128-SHA:ECDH-RSA-AES256-SHA:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-DSS-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:AES256-SHA256:ECDHE-RSA-DES-CBC3-SHA:ECDHE-RSA-AES128-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:ADH-AES256-GCM-SHA384:AECDH-AES128-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-AES128-SHA  . 

 Testing robust forward secrecy (FS) -- omitting Null Authentication/Encryption, 3DES, RC4 

 FS is offered (OK)           

 Testing server defaults (Server Hello) 

 TLS extensions (standard)    (none)
 Session Ticket RFC 5077 hint no -- no lifetime advertised
 SSL Session ID support       yes
 Session Resumption           Tickets no, ID resumption test failed
 TLS clock skew               Random values, no fingerprinting possible 
 Client Authentication        optional
 CA List for Client Auth      empty

Client problem: No server certificate could be retrieved. Thus we can't continue with "server defaults".

 Testing vulnerabilities 

 Heartbleed (CVE-2014-0160)                not vulnerable (OK), no heartbeat extension
 CCS (CVE-2014-0224)                       not vulnerable (OK)
 Ticketbleed (CVE-2016-9244), experiment.  --   (applicable only for HTTPS)
 ROBOT                                     not vulnerable (OK)
 Secure Renegotiation (RFC 5746)           OpenSSL handshake didn't succeed
 Secure Client-Initiated Renegotiation     not vulnerable (OK)
 CRIME, TLS (CVE-2012-4929)                test failed (couldn't connect)
 POODLE, SSL (CVE-2014-3566)               not vulnerable (OK), no SSLv3 support
 TLS_FALLBACK_SCSV (RFC 7507)              No fallback possible (OK), no protocol below TLS 1.2 offered
 SWEET32 (CVE-2016-2183, CVE-2016-6329)    not vulnerable (OK)
 FREAK (CVE-2015-0204)                     not vulnerable (OK)
 DROWN (CVE-2016-0800, CVE-2016-0703)      not vulnerable on this host and port (OK)
                                           no RSA certificate, thus certificate can't be used with SSLv2 elsewhere
 LOGJAM (CVE-2015-4000), experimental      not vulnerable (OK): no DH EXPORT ciphers, no DH key detected with <= TLS 1.2
 BEAST (CVE-2011-3389)                     not vulnerable (OK), no SSL3 or TLS1
 LUCKY13 (CVE-2013-0169), experimental     not vulnerable (OK)
 Winshock (CVE-2014-6321), experimental    not vulnerable (OK)
 RC4 (CVE-2013-2566, CVE-2015-2808)        no RC4 ciphers detected (OK)

Could not determine the protocol, only simulating generic clients.

 Running client simulations via sockets 

 Browser                      Protocol  Cipher Suite Name (OpenSSL)       Forward Secrecy
------------------------------------------------------------------------------------------------
 Android 4.4.2                No connection
 Android 5.0.0                No connection
 Android 6.0                  No connection
 Android 7.0 (native)         No connection
 Android 8.1 (native)         No connection
 Android 9.0 (native)         No connection
 Android 10.0 (native)        No connection
 Chrome 74 (Win 10)           No connection
 Chrome 79 (Win 10)           No connection
 Firefox 66 (Win 8.1/10)      No connection
 Firefox 71 (Win 10)          No connection
 IE 6 XP                      No connection
 IE 8 Win 7                   No connection
 IE 8 XP                      No connection
 IE 11 Win 7                  No connection
 IE 11 Win 8.1                No connection
 IE 11 Win Phone 8.1          No connection
 IE 11 Win 10                 No connection
 Edge 15 Win 10               No connection
 Edge 17 (Win 10)             No connection
 Opera 66 (Win 10)            No connection
 Safari 9 iOS 9               No connection
 Safari 9 OS X 10.11          No connection
 Safari 10 OS X 10.12         No connection
 Safari 12.1 (iOS 12.2)       No connection
 Safari 13.0 (macOS 10.14.6)  No connection
 Apple ATS 9 iOS 9            No connection
 Java 6u45                    No connection
 Java 7u25                    No connection
 Java 8u161                   TLSv1.2   ECDHE-RSA-AES256-GCM-SHA384       521 bit ECDH (P-521)
 Java 11.0.2 (OpenJDK)        TLSv1.3   TLS_AES_256_GCM_SHA384            256 bit ECDH (P-256)
 Java 12.0.1 (OpenJDK)        TLSv1.3   TLS_AES_256_GCM_SHA384            256 bit ECDH (P-256)
 OpenSSL 1.0.2e               TLSv1.2   ECDHE-RSA-AES256-GCM-SHA384       521 bit ECDH (P-521)
 OpenSSL 1.1.0l (Debian)      TLSv1.2   ECDHE-RSA-CHACHA20-POLY1305       253 bit ECDH (X25519)
 OpenSSL 1.1.1d (Debian)      TLSv1.3   TLS_AES_256_GCM_SHA384            253 bit ECDH (X25519)
 Thunderbird (68.3)           TLSv1.3   TLS_AES_256_GCM_SHA384            253 bit ECDH (X25519)

 Rating (experimental) 

 Rating specs (not complete)  SSL Labs's 'SSL Server Rating Guide' (version 2009q from 2020-01-30)
 Specification documentation  https://github.com/ssllabs/research/wiki/SSL-Server-Rating-Guide
 Protocol Support (weighted)  100 (30)
 Key Exchange     (weighted)  100 (30)
 Cipher Strength  (weighted)  60 (24)
 Final Score                  84
 Overall Grade                A+

 Done 2021-05-28 16:45:26 [  69s] -->> 46.16.175.175:6697 (zirconium.libera.chat) <<--

chron0 commented 3 years ago

@edk0 thx for looking into it - I got lucky that weechat still provides a repo for xenial, so i could help myself by going to 3.1 (as far as I can tell the lowest version not affected by this is 2.8) - I'll keep the testing scaffold for now, just in case...

edk0 commented 3 years ago

i've refreshed all servers in the rotation onto rsa keys. i can't see any point in sticking to EC certs if they break things
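Comparing the client-simulation tables posted in this thread shows what changed when the servers moved from EC to RSA certificates. The following is an added example, not code from any participant or from testssl.sh; the function names are hypothetical, and the rows are excerpted from two of the tables above (the one that negotiated ECDHE-ECDSA suites and the later zirconium.libera.chat run).

```python
import re

# Rows excerpted from two testssl.sh client-simulation tables in this thread.
BEFORE = """\
 Browser                      Protocol  Cipher Suite Name (OpenSSL)       Forward Secrecy
------------------------------------------------------------------------------------------------
 Android 4.4.2                No connection
 IE 11 Win 7                  No connection
 Safari 13.0 (macOS 10.14.6)  TLSv1.3   TLS_AES_256_GCM_SHA384            253 bit ECDH (X25519)
 Apple ATS 9 iOS 9            TLSv1.2   ECDHE-ECDSA-AES256-GCM-SHA384     521 bit ECDH (P-521)
 Java 8u161                   TLSv1.2   ECDHE-ECDSA-AES256-GCM-SHA384     521 bit ECDH (P-521)
 OpenSSL 1.0.2e               TLSv1.2   ECDHE-ECDSA-AES256-GCM-SHA384     521 bit ECDH (P-521)
 OpenSSL 1.1.0l (Debian)      TLSv1.2   ECDHE-ECDSA-CHACHA20-POLY1305     253 bit ECDH (X25519)
 OpenSSL 1.1.1d (Debian)      TLSv1.3   TLS_AES_256_GCM_SHA384            253 bit ECDH (X25519)
"""
AFTER = """\
 Android 4.4.2                No connection
 IE 11 Win 7                  No connection
 Safari 13.0 (macOS 10.14.6)  No connection
 Apple ATS 9 iOS 9            No connection
 Java 8u161                   TLSv1.2   ECDHE-RSA-AES256-GCM-SHA384       521 bit ECDH (P-521)
 OpenSSL 1.0.2e               TLSv1.2   ECDHE-RSA-AES256-GCM-SHA384       521 bit ECDH (P-521)
 OpenSSL 1.1.0l (Debian)      TLSv1.2   ECDHE-RSA-CHACHA20-POLY1305       253 bit ECDH (X25519)
 OpenSSL 1.1.1d (Debian)      TLSv1.3   TLS_AES_256_GCM_SHA384            253 bit ECDH (X25519)
"""


def parse_client_sim(text):
    """Map client name -> (protocol, suite), or None for 'No connection'."""
    results = {}
    for line in text.splitlines():
        cols = re.split(r"\s{2,}", line.strip())
        if len(cols) < 2 or cols[0] == "Browser":
            continue  # blank line, dashed rule or column header
        name, outcome = cols[0], cols[1]
        if outcome == "No connection":
            results[name] = None
        elif len(cols) >= 3 and re.fullmatch(r"TLSv1(\.\d)?|SSLv\d", outcome):
            results[name] = (outcome, cols[2])
    return results


def cert_type(suite):
    """Certificate key type implied by an OpenSSL suite name, or None if unknown."""
    if suite.startswith("TLS_"):
        return None  # TLS 1.3 suite names do not encode the certificate type
    parts = suite.split("-")
    if "PSK" in parts or "SRP" in parts or parts[0] in ("ADH", "AECDH", "ECDH", "DH"):
        return None  # no certificate, or static (EC)DH where the name gives the signer
    if parts[0] in ("ECDHE", "DHE", "EDH"):
        ok = len(parts) > 1 and parts[1] in ("RSA", "ECDSA", "DSS")
        return parts[1] if ok else None
    return "RSA"  # bare names such as AES128-SHA use RSA key transport


def cert_types(results):
    """Certificate key types seen across all successful simulated handshakes."""
    seen = set()
    for outcome in results.values():
        kind = cert_type(outcome[1]) if outcome else None
        if kind:
            seen.add(kind)
    return seen


def compare(before, after):
    """Return (lost, gained, changed) between two parsed tables."""
    lost = sorted(c for c in before if before[c] and not after.get(c))
    gained = sorted(c for c in after if after[c] and not before.get(c))
    changed = {c: (before[c][1], after[c][1]) for c in before
               if before[c] and after.get(c) and before[c][1] != after[c][1]}
    return lost, gained, changed


if __name__ == "__main__":
    b, a = parse_client_sim(BEFORE), parse_client_sim(AFTER)
    lost, gained, changed = compare(b, a)
    print("certificate types before:", sorted(cert_types(b)))
    print("certificate types after: ", sorted(cert_types(a)))
    print("lost:", lost)
    print("gained:", gained)
    for client, (old, new) in sorted(changed.items()):
        print(f"changed: {client}: {old} -> {new}")
```

A table in which every TLS 1.2 row carries the same key type means the server presents a single certificate type, so a client that cannot use that type fails the handshake even though the protocol version is supported.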

chron0 commented 3 years ago

<3 - connection test against irc.libera.chat werked:

21:06:10         weechat    |   ___       __         ______________        _____
21:06:10         weechat    |   __ |     / /___________  ____/__  /_______ __  /_
21:06:10         weechat    |   __ | /| / /_  _ \  _ \  /    __  __ \  __ `/  __/
21:06:10         weechat    |   __ |/ |/ / /  __/  __/ /___  _  / / / /_/ // /_
21:06:10         weechat    |   ____/|__/  \___/\___/\____/  /_/ /_/\__,_/ \__/
21:06:10         weechat    | WeeChat 2.4 [compiled on Feb 17 2019 10:14:43]
21:06:10         weechat    | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
21:06:17         weechat    | Plugin "irc" loaded
21:06:37         weechat    | irc: server irc.libera.chat added (temporary server, NOT SAVED!)
21:06:37 irc.libera.chat -- | irc: connecting to server irc.libera.chat/6697 (SSL)...
21:06:37 irc.libera.chat -- | gnutls: connected using 2048-bit Diffie-Hellman shared secret exchange
21:06:37 irc.libera.chat -- | gnutls: receiving 3 certificates
21:06:37 irc.libera.chat -- |  - certificate[1] info:
21:06:37 irc.libera.chat -- |    - subject `CN=zinc.libera.chat', issuer `C=US,O=Let's Encrypt,CN=R3', RSA key 4096 bits, signed using RSA-SHA256, activated `2021-05-28 19:20:51 UTC', expires `2021-08-26 19:20:51 UTC', SHA-1 fingerprint
                            | `c684ba3f18fede229cc3e72714c4f8deff9bb07c'
21:06:37 irc.libera.chat -- |  - certificate[2] info:
21:06:37 irc.libera.chat -- |    - subject `C=US,O=Let's Encrypt,CN=R3', issuer `C=US,O=Internet Security Research Group,CN=ISRG Root X1', RSA key 2048 bits, signed using RSA-SHA256, activated `2020-09-04 00:00:00 UTC', expires `2025-09-15 16:00:00 UTC', SHA-1
                            | fingerprint `a053375bfe84e8b748782c7cee15827a6af5a405'
21:06:37 irc.libera.chat -- |  - certificate[3] info:
21:06:37 irc.libera.chat -- |    - subject `C=US,O=Internet Security Research Group,CN=ISRG Root X1', issuer `O=Digital Signature Trust Co.,CN=DST Root CA X3', RSA key 4096 bits, signed using RSA-SHA256, activated `2021-01-20 19:14:03 UTC', expires `2024-09-30
                            | 18:14:03 UTC', SHA-1 fingerprint `933c6ddee95c9c41a40f9f50493d82be03ad87bf'
21:06:37 irc.libera.chat -- | gnutls: peer's certificate is trusted
21:06:37 irc.libera.chat -- | irc: connected to irc.libera.chat/6697 (195.148.124.80)
21:06:37 irc.libera.chat -- | zinc.libera.chat: *** Checking Ident
21:06:37 irc.libera.chat -- | zinc.libera.chat: *** Looking up your hostname...
21:06:37 irc.libera.chat -- | zinc.libera.chat: *** No Ident response
21:06:37 irc.libera.chat -- | zinc.libera.chat: *** Found your hostname: stargazer.open-resource.org
21:06:37 irc.libera.chat -- | irc: nickname "root" is already in use, trying nickname "root1"
21:06:37 irc.libera.chat -- | Welcome to the Libera.Chat Internet Relay Chat Network root1
21:06:37 irc.libera.chat -- | Your host is zinc.libera.chat[195.148.124.80/6697], running version solanum-1.0-dev
21:06:37 irc.libera.chat -- | This server was created Thu May 27 2021 at 22:10:06 UTC
21:06:37 irc.libera.chat -- | zinc.libera.chat solanum-1.0-dev DGQRSZaghilopsuwz CFILMPQSbcefgijklmnopqrstuvz bkloveqjfI
21:06:37 irc.libera.chat -- | WHOX CALLERID=g SAFELIST ELIST=CTU MONITOR=100 ETRACE FNC KNOCK CHANTYPES=# EXCEPTS INVEX CHANMODES=eIbq,k,flj,CFLMPQScgimnprstuz :are supported by this server
21:06:37 irc.libera.chat -- | CHANLIMIT=#:250 PREFIX=(ov)@+ MAXLIST=bqeI:100 MODES=4 NETWORK=Libera.Chat STATUSMSG=@+ CASEMAPPING=rfc1459 NICKLEN=16 MAXNICKLEN=16 CHANNELLEN=50 TOPICLEN=390 DEAF=D :are supported by this server
21:06:37 irc.libera.chat -- | TARGMAX=NAMES:1,LIST:1,KICK:1,WHOIS:1,PRIVMSG:4,NOTICE:4,ACCEPT:,MONITOR: EXTBAN=$,ajrxz CLIENTVER=3.0 :are supported by this server
21:06:37 irc.libera.chat -- | There are 51 users and 22576 invisible on 21 servers
21:06:37 irc.libera.chat -- | 34 :IRC Operators online
21:06:37 irc.libera.chat -- | 11 :unknown connection(s)
21:06:37 irc.libera.chat -- | 16506 :channels formed
21:06:37 irc.libera.chat -- | I have 1977 clients and 1 servers
21:06:37 irc.libera.chat -- | 1977 2035 :Current local users 1977, max 2035
21:06:37 irc.libera.chat -- | 22627 22719 :Current global users 22627, max 22719
21:06:37 irc.libera.chat -- | Highest connection count: 2036 (2035 clients) (10084 connections received)
21:06:37 irc.libera.chat -- | - zinc.libera.chat Message of the Day -
21:06:37 irc.libera.chat -- | - Welcome to libera.chat, the IRC network for free & open-source software
21:06:37 irc.libera.chat -- | - and peer directed projects.
21:06:37 irc.libera.chat -- | -
21:06:37 irc.libera.chat -- | - Please visit us in #libera for questions and support.
21:06:37 irc.libera.chat -- | End of /MOTD command.
21:06:37 irc.libera.chat -- | User mode [+RZi] by root1