|
|
| Author |
Message |
[al5001]
Guest
|
 Posted: Nov 29, 2003 1:45pm Post subject: SSL Connections |
 |
|
Can people list all of the servers which support SSL? And please list ports that have SSL, thanks 
I prefer to connect on either port 994 or 25401 for SSL.
Hopefully in the future all networks will support SSL. |
|
| Back to top |
|
 |
U
Eleet
Joined: 18 Jun 2003
Posts: 521
Location: IRC
|
| Posted: Nov 29, 2003 4:05pm Post subject: |
|
|
I have a few servers that support it, but its only as an experiment. I don't see why anyone would need to have encrypted communication with an IRC server, but I'm trying it just to try it.
From what I understand though, with the way SSL works, it will eat more bandwith than a 'standard' connection. |
|
| Back to top |
|
|
anifinder
none
Joined: 14 Oct 2003
Posts: 28
|
| Posted: Nov 29, 2003 4:21pm Post subject: |
|
|
We run an SSL server on Creative, but again, like U said, more as an experiment for any user who's particularly paranoid. One annoying fact about it is that although port 994 is the RFC-mandated port for SSL, many IRC servers run on shells without root access (nor should you run ircds as root!), so that binding to that port doesn't work. What Creative ended up doing was recompiling one of the leaf servers with SSL support, and then creating a DNS alias (ssl.*) to point to it. From there, to make sure no one was confused, we ran it on the non-standard port of 6690.
It's not a particularly advertised feature (the only big net I can think of that has SSL is LinkNet), but it is fun to try out occasionally. If you're curious about finding SSL-enabled servers, I know that the author of StunTour (an SSL tunnel DLL for mIRC) has some servers that run it posted on his site. The link is http://www.bovine.net/~jlawson/coding/stuntour/. And, of course, you can try Creative's SSL server on irc://ssl.creativeirc.net:6690.
The main issue is the fact that mIRC lacks native support for SSL, so one is forced to tunnel it. I don't think SSL will become a real force in most IRC networks until it's made a native feature in the major Windows IRC clients. |
|
| Back to top |
|
|
[al5001]
Guest
|
| Posted: Nov 29, 2003 4:44pm Post subject: |
|
|
| U wrote: | I have a few servers that support it, but its only as an experiment. I don't see why anyone would need to have encrypted communication with an IRC server, but I'm trying it just to try it.
From what I understand though, with the way SSL works, it will eat more bandwith than a 'standard' connection. |
SSL doesn't eat bandwith. It takes the private/public keys and generates encrypted text from plain text before sending it to the server. If you run on a broadband service, all your neighbours could possibly see what you are sending to the server, such as things like passwords for identifying to your nickname.
Channels with +z can't be overridden by IRC Ops, however IRC Ops can set -z on the channel to join it. +z channel mode on unreal3.2 can't be bypassed by invites or force joins. All members of the channel have to be on a secure connection before channel mode +z can be set.
SSL is great for IRC. |
|
| Back to top |
|
|
[al5001]
Guest
|
| Posted: Nov 29, 2003 4:47pm Post subject: |
|
|
What I was looking for, was to get everyone that has an IRCd with SSL to post servername and port with SSL and maybe we can all start using SSL.
If you read unreal3.2 docs you can find out how to enable SSL for mIRC so you will be able to connect to SSL ports. Some servers will require you to have a client key so in this case you would need a unix computer with XChat and your own digitally signed certificates, and depending on whether or not the server will allow you to have a self-signed certificate will depend on whether or not you need to get it signed by www.cacert.org. |
|
| Back to top |
|
|
[al5001]
Guest
|
| Posted: Nov 30, 2003 3:36am Post subject: |
|
|
| anifinder wrote: | We run an SSL server on Creative, but again, like U said, more as an experiment for any user who's particularly paranoid. One annoying fact about it is that although port 994 is the RFC-mandated port for SSL, many IRC servers run on shells without root access (nor should you run ircds as root!), so that binding to that port doesn't work. What Creative ended up doing was recompiling one of the leaf servers with SSL support, and then creating a DNS alias (ssl.*) to point to it. From there, to make sure no one was confused, we ran it on the non-standard port of 6690.
It's not a particularly advertised feature (the only big net I can think of that has SSL is LinkNet), but it is fun to try out occasionally. If you're curious about finding SSL-enabled servers, I know that the author of StunTour (an SSL tunnel DLL for mIRC) has some servers that run it posted on his site. The link is http://www.bovine.net/~jlawson/coding/stuntour/. And, of course, you can try Creative's SSL server on irc://ssl.creativeirc.net:6690.
The main issue is the fact that mIRC lacks native support for SSL, so one is forced to tunnel it. I don't think SSL will become a real force in most IRC networks until it's made a native feature in the major Windows IRC clients. |
Your SSL port doesn't work. Take out the clientsonly option since it supports plain text.
It should only be:
listen ip:port { options { ssl; }; };
Also make sure you have ssl enabled in ./Config and have a key generated, make sure it is valid and self-signed or signed by cacert.org or rsa.com. |
|
| Back to top |
|
|
|
|
| |
Register
Log in
