Open f0x52 opened 4 years ago
as per the Matrix room, this is going to be a generic connectionOpts config flag
It'd probably be worth explicitly documenting the solution for this particular edge case (weak CA signature) as well. It took entirely too much time to figure that out yesterday :)
for my bridge to a network with a self-signed certificate, I had to make some low-level changes to node-irc, to make sure it didn't error out with a "CA signature digest algorithm too weak"
This involves changing node-irc's connectionOpts, and appending @SECLEVEL=0 [1] to the standard cipherlist [2] in the cert key.
I'd like to upstream that, but I'm unsure if it should be exposed on the matrix-appservice-irc side as "Object to be merged with node-irc's connectionOpts", or a specific flag just for allowing weak CA signature digests
[1] https://github.com/openssl/openssl/issues/3558#issuecomment-383154880
[2] https://nodejs.org/api/tls.html#tls_modifying_the_default_tls_cipher_suite
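
One way to keep the `@SECLEVEL=0` downgrade discussed in this issue scoped to a single network and visible to operators, as an added example (not code from node-irc or matrix-appservice-irc). The `allowWeakCaDigest` flag, the per-server config shape and the function names are hypothetical, and `connectionOpts` is assumed to be an object of Node `tls.connect()` options.

```javascript
const tls = require('tls');

// Matches an OpenSSL security-level directive, with or without a leading ':'.
const SECLEVEL = /:?@SECLEVEL=(\d)/g;

// Return cipherList with exactly one @SECLEVEL directive, placed at the end.
function withSecLevel(cipherList, level) {
  if (!Number.isInteger(level) || level < 0 || level > 5) {
    throw new RangeError(`invalid OpenSSL security level: ${level}`);
  }
  const kept = cipherList.replace(SECLEVEL, '').split(':').filter(Boolean);
  return [...kept, `@SECLEVEL=${level}`].join(':');
}

// Lowest explicit security level in a cipher string, or null if none is set.
function secLevelOf(cipherList) {
  const levels = [...cipherList.matchAll(SECLEVEL)].map((m) => Number(m[1]));
  return levels.length ? Math.min(...levels) : null;
}

// Effective TLS options for one server: defaults, then the generic
// connectionOpts merge, then the (hypothetical) narrow flag.
function buildConnectionOpts(server, baseCiphers = tls.DEFAULT_CIPHERS) {
  const opts = { ciphers: baseCiphers, ...server.connectionOpts };
  if (server.allowWeakCaDigest) opts.ciphers = withSecLevel(opts.ciphers, 0);
  return opts;
}

// List every server whose effective cipher string overrides the security
// level, so the downgrade shows up in startup logs or a config review.
function auditServers(servers, baseCiphers = tls.DEFAULT_CIPHERS) {
  return servers
    .map((s) => ({
      host: s.host,
      level: secLevelOf(buildConnectionOpts(s, baseCiphers).ciphers),
    }))
    .filter((r) => r.level !== null);
}

// Constructed sample config: only the second network opts in to the downgrade.
const SAMPLE_SERVERS = [
  { host: 'irc.example.org' },
  { host: 'legacy-irc.example.net', allowWeakCaDigest: true },
];

for (const r of auditServers(SAMPLE_SERVERS)) {
  console.warn(`TLS security level overridden to ${r.level} for ${r.host}`);
}
```

Either config shape from the issue (a merged object or a dedicated flag) ends up in the same `ciphers` string, so the audit catches both.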