The "sslmodes" Module (v4)
Description
This module adds channel mode z (sslonly) which prevents users who are not connecting using TLS from joining the channel and user mode z (sslqueries) to prevent messages from non-TLS users.
Configuration
To load this module use the following <module> tag:
<module name="sslmodes">
<sslmodes>
The <sslmodes> tag defines settings about how the sslmodes module should behave. This tag can only be defined once.
| Name | Type | Default Value | Description |
|---|---|---|---|
| extbanoperonly | Boolean | Depends on <sslinfo:operonly> | New in v4.10.0! Whether extended ban z: (fingerprint) can only be set by server operators. |
Example Usage
<sslmodes extbanoperonly="no">
Channel Modes
| Name | Character | Type | Parameter Syntax | Usable By | Description |
|---|---|---|---|---|---|
| sslonly | z | Switch | None | Channel operators | Prevents users who are not connected using TLS from joining the channel. |
User Modes
| Name | Character | Type | Parameter Syntax | Usable By | Description |
|---|---|---|---|---|---|
| sslqueries | z | Switch | None | Anyone | Prevents messages from being sent to or received from a user that is not connected using TLS. |
Extended Bans
| Name | Character | Type | Ban Syntax | Description |
|---|---|---|---|---|
| fingerprint | z | Matching | [!]fingerprint:<pattern> | Checks whether users have a TLS client certificate with a fingerprint matching <pattern>. |
Example Usage
Bans users with a TLS client certificate fingerprint of 5d7499e1a3537687a2e875fed60b171508a4d1384351e276c4f961ab80729249:
/MODE #channel +b fingerprint:5d7499e1a3537687a2e875fed60b171508a4d1384351e276c4f961ab80729249
Special Notes
If you have a user on your accept list they will be exempt from user mode z (sslqueries).