The time now is Apr 16, 2014 - 08:52 AM


SSL class 11. jul 2009

Post new topic Reply to topic
View previous topic Printable version Log in to check your private messages View next topic
 
Author Message
dev0Offline
Post subject: SSL class 11. jul 2009  PostPosted: Jul 11, 2009 - 11:24 PM #129887
Gold Member
Gold Member


Joined: Sep 28, 2005
Posts: 208
Location: Norway
Status: Offline
<!Class> How To Connect With SSL
<!Class>
<!Class> What is SSL?
<!Class> SSL is a method of connecting that uses encryption. SSL stands for Secure Socket Layer.
<!Class>
<!Class> How useful is it?
<!Class> With SSL, outside sources who might be monitoring your traffic will not be able to decipher what you are saying
<!Class> in the channel or any communication with the server. However, the only way to be sure that your communication is secure is if everyone in a
<!Class> said channel are using SSL. (Because otherwise, someone would be able to see your communication via another user's connection.)
<!Class> This problem can be solved by setting the channel mode +S (note that it is capital S). This mode makes it so a user has to be on an SSL connection to join.
<!Class>
<!Class> Where do I get SSL?
<!Class> You can get the windows binaries for OpenSSL, an open-source SSL project, at http://www.openssl.org/related/binaries.html
<!Class> Simply follow the binary's instructions for installing. The DLL files should install to the Windows System folder (usually c:\Windows\System32)
<!Class>
<!Class> Connecting to IRCHighway with SSL encryption
<!Class> You can connect to IRCHighway with SSL via IRCHighway's SSL port, which is 9999
<!Class> i.e. "/server irc.irchighway.net +9999" or "/server -e irc.irchighway.net 9999"
<!Class> Keep in mind that you cannot connect to IRCHighway with SSL until it receives your ident, so unless you have port 113 forwarded with ident enabled,
<!Class> the connection may time out, so make sure the timeout is at least 60 seconds. This can be set in Connect->Options->Retry with the
<!Class> "If not connected in:" value.
<!Class>
<!Class> How to tell if it is working
<!Class> After installing OpenSSL and restarting mIRC, typing "//echo -a $sslready" should return $true if it is working correctly. It will
<!Class> return $false otherwise. If it is not working, make sure the DLL's are in the Windows System Folder. If they are, try moving them to the mirc folder itself.
<!Class> If it still does not work, try restarting the computer. You can always come to #help for assistance if you need it. When SSL is working correctly and you
<!Class> connect, you should see an indication in your /whois that you are using a secure connection.
<!Class>
<!Class> Class has finished, you may now submit any questions you have with the command /msg Class question QuestionHere

<!Class> Question(#1): I noticed you used 2 different things for the port : +9999 and 9999. Which is used for what purpose?
<!Genji> theres 2 different ways of connecting with ssl
<!Genji> theres /server irc.irchighway.net +9999
<!Genji> the plus sign tells mirc that it is an SSL port
<!Genji> alternatively you can do /server -e irc.irchighway.net 9999
<!Genji> the -e flag indicates it is using SSL also
<!Genji> but you dont need the + if you specify the -e flag
<!Genji> you can look at /help /server
<!Genji> for more details
<!Genji> if you have the help file

<!Class> Question(#3): what is the comand -e in /server -e?
<!Genji> just answered that

<!Class> Question(#5): What is the indication in the /whois that you're running a secure connection?
<!Genji> if you /whois yourself after you're connected you should see a line like
<!Genji> Genji is using a secure connection (SSL)
<!Genji> if you see that you know you're using SSL

<!Class> Question(#9): You kinda lost me at "port 113 forwarded with ident enabled"
<!Genji> alright, port 113 is the ident port
<!Genji> when you connect to the server it requests your ident
<!Genji> with SSL it doesnt connect until it receives the ident
<!Genji> ident is what it shows before the @ in your host
<!Genji> like for me its "what"
<!Genji> if it cant receive it, it times out eventually and you connect without it receiving it
<!Genji> so if port 113 isnt forwarded it'll timeout if you dont have your timeout setting high enough
<@Avenger> The ident packets are not necessarily encrypted as it runs in a sepparate process than IRC and is done -during- negotiation of the IRC connection.

<!Class> Question(#10): QuestionHere Are there any drawbacks to connecting with SSL (CPU/memory footprint, etc.)?
<!Genji> i dont know of any, except depending on your filters and stuff it might be slower
<!Genji> it was slower for me when i was at school and behind a NAT
<!Genji> as opposed to non-SSL
<!dev0> i'm behind nat and a firewall
<!dev0> and its not any slower, so depends on the hardware/connection
<!Genji> right
<!Genji> filters
<!Genji> !next

<!Class> Question(#11): Does SSL has any special requirements? I suddenly experience disconnects from irchighway server at increased frequency since I started using it.
<!Genji> well i guess that sort of goes in with the last question
<@Xaquseg> i can answer that
<!Genji> ok
<!Genji> lol
<@Xaquseg> SSL is more sensitive to network problems
<@Xaquseg> if you have a connectivity issue of some sort
<@Xaquseg> or something is modifying the traffic
<@Xaquseg> etc.
<@Xaquseg> then, yes, you might see more disconnects

<!Class> Question(#12): How would you go about automatically connecting with SSL every time you connect? Would you just go to options > options > default port 9999?
<!Genji> im not sure since ive not tried just setting it as my default port but it should work if you just make it +9999

<!Class> Question(#13): What's ident for if you can connect just fine without it going through?
<!Genji> its just for having your own custom ident
<!dev0> Ident is a service intended to 'identify' the user connecting to IRC, it is just another measure to set a user's identity, but it is required in some IRC networks as security mechanism.
<!Genji> if it doesnt go through it just uses the username part of your email

<!Class> Question(#14): Does SSL affect DCChat/Send in any way?
<!Genji> i dont think so, thats just a direct connection with another user
<!Genji> SSL handles communication with the server
<@Xaquseg> dcc is unrelated to the server, and is generally not encrypted
<@Xaquseg> encryption of dcc would have to be a client feature
<@Xaquseg> afaik nothing supports such a thing
<@Avenger> DCC chat/send is negotiated during IRC connection but the connection itself is made directly between the users, thus only IPs and ports are negotiated thru SSL and the connection is made unencrypted and goes only between the two involved parts on the DCC.
<@Xaquseg> pretty much, yes
<!Genji> lol
<!Genji> yeah

<!Class> Question(#15): When I first started using SSL, every time I connected I had to authorize a security certificate or something. Is this for the first time you connect to each server on a network?
<@Xaquseg> in theory it could be encrypted; but nothing supports it
<@Avenger> Yes, as SSL sites, there are measures to keep the identities of the servers. One is by trusting the secure server's 'certificate of authority'.
<!Genji> depending on your client, you can have it auto accept it in the future
<!Genji> in mirc i believes theres a checkbox
<!Genji> thats in the popup that asks if you want to accept it
<!dev0> but the first time you connect to a server the box will pop up
<!Genji> yeah
<@Avenger> If someone tries to 'pretend' to be the server, you will be warned about that certificate being changed.
<!Genji> yup
<@Xaquseg> do note
<@Xaquseg> we have multiple servers, so you will see multiple certs that need to be accepted


<Sancdar> oh, i forgot a question. when you're using SSL, your info is encrypted on the way to the server, then decrypted and sent out to everyone as plaintext?
<!Genji> the server sends it encrypted to other users who are using SSL
<!Genji> and not encrypted to those who arent
<!Genji> thats why everyone needs SSL in a channel
<!dev0> if you are in a channel with only SSL clients (+S channel)
<!dev0> the text is encrypted all the time
 
 View user's profile Send private message  
Reply with quote Back to top
VinneyOffline
Post subject: Re: SSL class 11. jul 2009  PostPosted: Jul 18, 2009 - 07:29 PM #129908
Newbie
Newbie


Joined: Jan 15, 2009
Posts: 2

Status: Offline

dev0 wrote:

<!Class> Question(#12): How would you go about automatically connecting with SSL every time you connect? Would you just go to options > options > default port 9999?
<!Genji> im not sure since ive not tried just setting it as my default port but it should work if you just make it +9999


The default port doesn't work, it still defaults to 6666, 6667, etc.

This works more efficiently:

on 1:START: /server irc.irchighway.net port +9999
 
 View user's profile Send private message  
Reply with quote Back to top
Display posts from previous:     
All times are GMT - 5 Hours
Post new topic Reply to topic
View previous topic Printable version Log in to check your private messages View next topic
 
Jump to:  

Powered by PNphpBB2 © 2003-2007 The PNphpBB Group
Credits