Skip to content

Instantly share code, notes, and snippets.

@ChrisTyrrel

ChrisTyrrel/PanicBNC-ZNCUpgrade.md

Last active July 23, 2018 04:42
Show Gist options
  • Save ChrisTyrrel/71c819bf81aef98255130ce9ea5fa991 to your computer and use it in GitHub Desktop.
Save ChrisTyrrel/71c819bf81aef98255130ce9ea5fa991 to your computer and use it in GitHub Desktop.
Download ZIP
ZNC 1.7.1
Raw
PanicBNC-ZNCUpgrade.md

The new version of ZNC is based off of ZNC-1.7.1, the current ZNC release. The goal with the ZNC upgrade was to keep things as vanilla as possible. The most notable PanicBNC change was the removal of server and network changes along with only allowing ident changes to Premium users.

This version also contains numerous security fixes, improvements, and features. Too many to list here so they're here, check past version 1.4. Yeah, it's been that long. The largest change will be the verification of all SSL connections.

SSL

Previously IRC connections using non-valid SSL certificates (expired, self-signed, etc) were allowed, this will no longer happen with the new ZNC version. With the increase of free certificate authorities such as Let's Encrypt, there is no reason to not have a valid SSL certificate, or not being using SSL at all.

PanicBNC will accept new SSL IRC network requests with invalid certificates but will not provide a list of fingerprints to bypass the SSL verification. Too many networks exist with invalid certificates, it is too tedious to maintain a list of their fingerprints.

If ZNC rejects the SSL certificate, users will have three options.

  • (Not Recommended due to MITM possibility): Disable certificate checking by using /msg *controlpanel setnetwork TrustAllCerts $me $network true, /znc loadmod controlpanel may need to be run first.
  • Add SSL certificate fingerprints by using /znc AddTrustedServerFingerprint <fingerprint>. Some IRC networks publish a list of their fingerprints.
  • (NOT RECOMMENDED due to MITM possibility): ZNC presents certificate information when it attempts to connect. If the user feels they trust the certificate, ZNC presents a command that can be used to add that SSL fingerprint to the 'Allowed' list.

The following list contains networks known to utilize invalid SSL Certificates:

  • DALnet
  • EFnet
  • IRCnet

This change applies to both Premium and non-Premium users. Disabling this feature would diminish the security of other users who wish to maintain a secure connection.

mIRC

If you receive CAP ACKS but cannot do anything else, you need to update your version of mIRC.

Upgrade Status

Complete

  • Aquarius
  • Aries
  • Cancer
  • Capricorn
  • Gemini
  • Leo
  • Libra
  • Monkey
  • Pisces
  • Rabbit
  • Sagittarius
  • Scorpio
  • Taurus
  • Tiger
  • Virgo
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment