Sunday, October 25, 2020

Upcoming Changes Regarding Connection Security

Hello everyone! As per usual, I am once again back to write about something regarding the network. This time, though, it is more of an open-ended "think out loud" type of announcement.

For a while now, Techtronix has only accepted secure connections to the network, with only a few exceptions. This change was implemented on January 1, 2017. Since then, it seems that adoption of TLS for connections to the network has gone by smoothly. In fact, I believe that the search engine bots also connect using TLS.

However, the world continues to evolve around us. I initially set the minimum requirement for secure connections to be TLS 1.0. However, TLS 1.0 and 1.1 have proven security vulnerabilities, and have been deprecated by major players in the industry such as Apple, Google, and Microsoft. TLS 1.2 and 1.3, defined in 2008 and 2018 respectively, are now the dominant versions used in other areas of the internet, especially web traffic. With this in mind, I am now considering switching off TLS 1.0 and 1.1 support on Techtronix starting on January 1, 2021.

As I mentioned at the beginning of this post, this is something that I have not fully committed to, yet. I plan soon to begin surveying current and future connections to the network to see what version of TLS is being used, along with other information such as ciphers. I am working with genius3000 on this. In fact, my interest in this kind of data might become a standard InspIRCd feature some day.

As of now, I have no other pending changes scheduled for the start of the new year. After the InspIRCd 3 move and the migration of services to use a SQL backend to enable stats, changes have been slower, and naturally so.

As always, if you have questions or comments, you know where to find me.

No comments:

Post a Comment