Merge branch 'irc-tls' into 'master'

irc: fix tls configuration

See merge request !263

roles/irc/tasks/main.yml

@@ -31,11 +31,6 @@
     - motd.txt
     - rules.txt
 
-- name: Generate dhparams
-  command: openssh dhparams -out /etc/inspircd/dhparams 2048
-  args:
-    creates: /etc/inspircd/dhparams
-
 # Install anope configuration.
 
 - file:

roles/irc/templates/inspircd/inspircd.conf

@@ -18,13 +18,13 @@
        email="irc@{{ domain_public[0] }}">
 
 # note: for the TLS configuration check out modules.conf
-<bind address="" port="16697" type="clients" ssl="gnutls">
-<bind address="" port="19999" type="clients" ssl="gnutls">
+<bind address="" port="16697" type="clients" profile="gnutls">
+<bind address="" port="19999" type="clients" profile="gnutls">
 # note: if you change the server port remember to also update links.conf
 # services
 <bind address="127.0.0.1" port="7000" type="servers">
 # linked irc servers
-<bind address="" port="17029" type="servers" ssl="gnutls">
+<bind address="" port="17029" type="servers" profile="gnutls">
 
 <sasl target="services.irc.{{ irc_network_name }}" requiressl="yes">
 

roles/irc/templates/inspircd/modules.conf

@@ -60,11 +60,12 @@
 
 # TLS configuration
 <module name="m_ssl_gnutls.so">
-<sslprofile certfile="/etc/credentials/public/irc.autistici.org/fullchain.pem"
+<sslprofile
+        name="gnutls"
+        certfile="/etc/credentials/public/irc.autistici.org/fullchain.pem"
         keyfile="/etc/credentials/public/irc.autistici.org/privkey.pem"
-        hash="sha1" priority="NORMAL:-MD5"
-        dhfile="/etc/inspircd/dhparams"
-        dhbits="1024">
+        priority="SECURE256:+SECURE128:-VERS-TLS-ALL:+VERS-TLS1.2:+VERS-TLS1.3:-RSA:-DHE-DSS"
+        >
 
 <module name="m_sslinfo.so">
 <module name="m_svshold.so">