Feature #1866: Implicit TLS (with SNI) connection mode - Quassel IRC - Quassel IRC Issue Tracker

Feature #1866

Implicit TLS (with SNI) connection mode

Added by Avamander over 1 year ago. Updated 6 days ago.

Status:

New

Priority:

Normal

Assignee:

Category:

Target version:

Start date:

07/30/2023

Due date:

% Done:

Estimated time:

OS:

Any

Description

It would be very useful if Quassel had a client-core connection mode that use pure implicit TLS (with SNI).

This would provide multiple benefits:

Adds the ability to use any TLS load balancer or terminator (traefik/nginx/etc. with more nuanced configuration)
Implicit TLS like implemented by other software is likely less failure-prone thus more secure than any ad-hoc TLS support
Resists protocol fingerprinting
Adds the potential to leverage things like mTLS (using a YubiKey/smartcard for auth), ECH or QUIC in the future

In theory it shouldn't also be that difficult to implement using already available libraries.

History

#1 Updated by peterpanpan 6 days ago

During my first experience with uno online, I did not foresee such a profound level of intrigue. Participating in games not only offers entertainment but also functions as an effective method for sustaining communication with cherished individuals, irrespective of their geographical location.

Also available in: Atom PDF

Project

General

Profile

Quassel IRC

Issues

Feature #1866

Implicit TLS (with SNI) connection mode

History

#1 Updated by peterpanpan 6 days ago