Confusing client connected log/snotice when using STS-only listener

[csmith]

If a client connects to an STS-only plaintext port, Ora seems to send the full registration blurb and announces the client connected in the logs and to opers via snotice.

This happens even if the server has a password set and the user doesn't provide it. Seeing "Client connected" messages on servers you expect to be completely private is a little panic inducing!

While we could just not log clients on STS-only connections, it might be nice if there was a separate dummy registration process entirely for this case so it doesn't disclose server information like uptime and version that would otherwise be behind the password.

[slingamn]

This is totally legit and I'll plan to do some mitigations here.

However --- what's the use of an STS-only listener on a private server? It seems like it increases the attack surface to no real purpose. (In particular, even though darwin is not private in any meaningful sense, I have not enabled an STS-only listener there, because I'm concerned that if clients are able to open a plaintext connection to port 6667 at all, they might respond by sending their SASL PLAIN blob without waiting for cap negotiation.)

[csmith]

what's the use of an STS-only listener on a private server?

I'm not sure I really have a good answer to that! It just feels a bit weird otherwise. I guess in my head it's a bit like HTTP - it'd be extremely odd to drop packets to port 80 instead of redirecting to HTTPS. (Of course HTTP has a much better redirection mechanism, and doesn't shout its password over the internet as soon as it opens a connection...)

[slingamn]

This is an unpopular opinion in the IRCv3 world, but I think STS and STS-only are bad options and server operators should simply disable plaintext entirely.

Partly it's that the redirection mechanism is bad. But also, HSTS is intended to solve the "address bar" problem: people keep typing qux.com into their browsers and without HSTS, the browser would revert to the insecure default of plaintext on port 80 each time. In contrast, the typical IRC client provides an experience more like a bookmark: if you force users to set up TLS initially, then the client will do TLS-from-the-first-byte forever.