Saturday, September 4, 2021

Upcoming Changes to Insecure Connections

Hello, everyone! Wanted to discuss something that I briefly mentioned in #lounge recently. Since it concerns connection options for the network, I figured that it would be a good time to write a post about.

Since the beginning of 2017, Techtronix enacted a soft policy on blocking insecure connections over port 6667. The blocking is considered soft as exceptions could be made to allow connections through based on IP address/range or server password. Exceptions were made early on, mainly for the IRC index bots that catalog IRC networks.

Since then, all currently-relevant IRC index bots have been updated to support TLS connections, and all of the existing exceptions once made outside of those bots have also moved to supporting TLS. In reality, there have been no exceptions for quite some time.  Due to this, I think it is time to close down port 6667 for good, making the blocking of insecure connections a hard policy. I am tentatively planning on disabling the port at the beginning of 2022, though I may prematurely flip the switch after doing some testing.

If you believe that you will be affected by this change, feel free to leave a comment or contact staff. Keep in mind that no additional exceptions will be made, and no additional exceptions have been made for at least two years. The network currently accepts TLS 1.0 connections and higher, as I have not adjusted the policy from the previous announcement. If you are running an older IRC client or operating system that could pose future challenges in connecting securely, I heavily encourage you to upgrade.

Pro tip: The wiki covers current connection options, as well as alternatives if using a desktop client is not possible.

No comments:

Post a Comment