configured sslciphers not respected. #6465
Comments
I had to clear tls1.3 and unintended ciphers in openssl.cnf to make it work.
Does the Mumble config setting (without changed OpenSSL config) come into effect when you create a fresh server (that doesn't reuse the old one's database)?
So I dug a little. It looks like the official client does not support chacha20 in (EC)DHE mode. And it seems the sslciphers config option does not accept a ciphersuite name.
So for clarification: I'm still using TLS 1.3, but with only the chacha20 one. I removed the AES ciphersuite from openssl.cnf since the Mumble config does not recognise ciphersuite names, which means I cannot set the preference there.
When using the 'cause what is printed there should also be used for the actual connections if I read the code correctly 🤔
Server won't start up. The TLS1.3 cipher string is not recognized by the option.
It's very weird that MetaParams automatically prepends tls1.3 ciphers, but the option does not recognize it when manually entered.
The appending of additional ciphers is actually done by OpenSSL, it seems. The cipher list entering Lines 49 to 108 in 9f0b143
is the one from the INI file but the one leaving this function contains the extra ciphers.
According to https://manpages.debian.org/testing/libssl-doc/OPENSSL_config.3ssl.en.html
The issue
I configured sslCiphers=DHE-RSA-CHACHA20-POLY1305 in the server ini to disable AES.
However, when starting the server, the following is logged, indicating it's not respected, and clients are still connecting with AES encryption.
2024-06-12 13:01:34.054 MetaParams: TLS cipher preference is "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:DHE-RSA-CHACHA20-POLY1305"
Mumble version
1.5.634
Mumble component
Server
OS
Linux
Additional information
No response
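The behaviour discussed in this thread can be reproduced outside Mumble. The following is an added example, not code from the issue or from the Mumble project: it uses Python's standard `ssl` module (which wraps OpenSSL) to apply the reporter's cipher string and list what ends up enabled. The function names `effective_ciphers` and `audit` are hypothetical, and the result depends on the local OpenSSL build and its openssl.cnf.

```python
import ssl


def effective_ciphers(cipher_string):
    """Return (name, protocol) for every suite OpenSSL enables after the
    cipher string has been applied to a fresh server context."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # set_ciphers() maps to SSL_CTX_set_cipher_list(), which only governs
    # TLS 1.2 and older. TLS 1.3 suites are configured separately in OpenSSL.
    ctx.set_ciphers(cipher_string)
    return [(c["name"], c["protocol"]) for c in ctx.get_ciphers()]


def audit(cipher_string, forbidden="AES"):
    """Compare the requested ciphers with the ones actually enabled.

    Assumption: cipher_string is a colon-separated list of explicit cipher
    names, not OpenSSL selectors such as ECDHE+AESGCM.
    """
    requested = set(cipher_string.split(":"))
    effective = effective_ciphers(cipher_string)
    # Anything enabled that the operator did not ask for.
    unrequested = [(n, p) for n, p in effective if n not in requested]
    # Anything enabled that breaks the intended policy (here: no AES).
    violations = [n for n, _ in effective if forbidden in n]
    return {
        "effective": effective,
        "unrequested": unrequested,
        "violations": violations,
    }


if __name__ == "__main__":
    # The value the reporter put in the server ini.
    report = audit("DHE-RSA-CHACHA20-POLY1305")
    print("preference:", ":".join(n for n, _ in report["effective"]))
    for name, proto in report["unrequested"]:
        print("enabled but not requested:", name, proto)
    for name in report["violations"]:
        print("policy violation (AES still offered):", name)
```

On a stock OpenSSL with TLS 1.3 enabled, the printed preference has the same shape as the MetaParams log line above: the TLS 1.3 suites come first, followed by the single configured cipher.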