Using SSL
m (SSL-only channel mode is +Z, not +S) |
|||
| Line 1: | Line 1: | ||
| - | + | DareNET's servers support TLS/SSL-enabled connections on ports 6697 and 9999. There are several methods you can utilize to connect to DareNET using an encrypted connection. The method chosen depends on the IRC client being used and any additional tunnel software, if needed. Currently, the following clients offer native or built-in TLS/SSL support for connections: | |
* [http://www.bitchx.org/ BitchX] | * [http://www.bitchx.org/ BitchX] | ||
| Line 8: | Line 8: | ||
* [http://www.kvirc.net/ KVirc] | * [http://www.kvirc.net/ KVirc] | ||
| - | For clients | + | For clients without built-in TLS/SSL support, such as mIRC versions prior to 6.14, you will need to use an TLS/SSL tunnel program. There are three popular TLS/SSL tunnels in use now for IRC clients: [http://www.stunnel.org/ Stunnel] (Unix/Linux/Windows), [http://oifan.xf.cz/WinSSLWrap/ WinSSLWrap] (Windows), and [http://jeff.bovine.net/Stuntour StunTour] (Windows). |
| - | + | This method establishes a TLS/SSL connection by connecting through a tunnel. The tunnel opens a TLS/SSL connection to the IRC server, and then opens a local connection your computer. The local connection is usually opened on port 6667, the default IRC port, though this can be customized by the user. The client then only needs to connect to localhost (127.0.0.1), using the port the TLS/SSL tunnel is listening on. | |
| - | + | ==Servers supporting TLS/SSL== | |
| - | + | All DareNET IRC servers presently support TLS/SSL-enabled connections on ports 6697 and 9999; therefore, you may still specify ''irc.darenet.org'' as the server to use (which will connect you to a server geographically closest to you). | |
| - | + | ==Using SSL with mIRC 6.14+ == | |
| - | The OpenSSL libraries are not included with mIRC | + | The majority of our users use mIRC, so we'll explain how to connect to DareNET using it. We assume you're using version 6.14 or newer, which all have built-in support for connecting to TLS/SSL-enabled servers, using the [http://www.openssl.org/ OpenSSL] libraries. |
| + | |||
| + | Due to licensing reasons, the OpenSSL libraries are not included with mIRC, but you can download them pre-compiled for win32 (Windows 9x, 2000, 2003, XP) from [http://archives.darenet.org/archives.php?dir=misc/openssl-bin/&file=Win32OpenSSL_Light-0_9_8l.exe here]. After you download that file, extract the included libraries (libeay32.dll and ssleay32.dll) into your mIRC directory, or you can extract them to your windows/system directory if you prefer. | ||
''NOTE: The library files provided above were compiled from the OpenSSL 0.9.8I sources. If you know how to and prefer to compile your own, you can do that as well.'' | ''NOTE: The library files provided above were compiled from the OpenSSL 0.9.8I sources. If you know how to and prefer to compile your own, you can do that as well.'' | ||
| Line 24: | Line 26: | ||
After you have placed libeay32.dll and ssleay32.dll in your mIRC directory, shutdown mIRC and restart it, then it should automatically find the library files and load them. To make sure your copy of mIRC will now work with SSL, you can check the '''$sslready''' variable (type '''''//echo $sslready''''' in your status window, and mIRC should return '''$true''' if the OpenSSL libraries are properly loaded). | After you have placed libeay32.dll and ssleay32.dll in your mIRC directory, shutdown mIRC and restart it, then it should automatically find the library files and load them. To make sure your copy of mIRC will now work with SSL, you can check the '''$sslready''' variable (type '''''//echo $sslready''''' in your status window, and mIRC should return '''$true''' if the OpenSSL libraries are properly loaded). | ||
| - | We use | + | We use ports 6697 and 9999 for all incoming TLS/SSL client connections, so to connect using SSL just use /server irc.darenet.org +6697 (the plus sign is required for SSL connections). |
An example: | An example: | ||
| - | < | + | <code>/server irc.darenet.org +6697</code> |
| - | After you have connected, you can verify that you are connected with SSL using the '''$ssl''' variable in mIRC (type '''''//echo $ssl''''' in your status window, and mIRC should return '''$true'''). Another way to see if you are connected with SSL is to /WHOIS yourself by typing /WHOIS YourNick, and in your WHOIS output you will see a line like this: | + | After you have connected, you can verify that you are connected with SSL using the '''$ssl''' variable in mIRC (type '''''//echo $ssl''''' in your status window, and mIRC should return '''$true''').Another way to see if you are connected with SSL is to /WHOIS yourself by typing /WHOIS YourNick, and in your WHOIS output you will see a line like this: |
| - | <pre>YourNick is using a secure connection | + | <pre>YourNick is using a secure connection</pre> |
| - | If you are using an mIRC version older than 6.14, then the above instructions do not apply to you. You should upgrade to the latest mIRC version. If for some reason you want to keep your current version of mIRC, then you will have to use an SSL tunnel, like [http:// | + | If you are using an mIRC version older than 6.14, then the above instructions do not apply to you. You should upgrade to the latest mIRC version. If for some reason you want to keep your current version of mIRC, then you will have to use an SSL tunnel, like [http://jeff.bovine.net/Stuntour StunTour]. |
| - | == SSL-only channels == | + | == TLS/SSL-only channels == |
| - | DareNET's servers support channel mode +Z, which means only users connected using | + | DareNET's servers support channel mode +Z, which means only users connected using an encrypted connection will be allowed to join the channel. This is useful for those who want to ensure that their communications on the channel are entirely secure. |
== Why the need for secure connections? == | == Why the need for secure connections? == | ||
Current revision as of 14:24, 14 November 2011
DareNET's servers support TLS/SSL-enabled connections on ports 6697 and 9999. There are several methods you can utilize to connect to DareNET using an encrypted connection. The method chosen depends on the IRC client being used and any additional tunnel software, if needed. Currently, the following clients offer native or built-in TLS/SSL support for connections:
For clients without built-in TLS/SSL support, such as mIRC versions prior to 6.14, you will need to use an TLS/SSL tunnel program. There are three popular TLS/SSL tunnels in use now for IRC clients: Stunnel (Unix/Linux/Windows), WinSSLWrap (Windows), and StunTour (Windows).
This method establishes a TLS/SSL connection by connecting through a tunnel. The tunnel opens a TLS/SSL connection to the IRC server, and then opens a local connection your computer. The local connection is usually opened on port 6667, the default IRC port, though this can be customized by the user. The client then only needs to connect to localhost (127.0.0.1), using the port the TLS/SSL tunnel is listening on.
In This Guide: |
Servers supporting TLS/SSL
All DareNET IRC servers presently support TLS/SSL-enabled connections on ports 6697 and 9999; therefore, you may still specify irc.darenet.org as the server to use (which will connect you to a server geographically closest to you).
Using SSL with mIRC 6.14+
The majority of our users use mIRC, so we'll explain how to connect to DareNET using it. We assume you're using version 6.14 or newer, which all have built-in support for connecting to TLS/SSL-enabled servers, using the OpenSSL libraries.
Due to licensing reasons, the OpenSSL libraries are not included with mIRC, but you can download them pre-compiled for win32 (Windows 9x, 2000, 2003, XP) from here. After you download that file, extract the included libraries (libeay32.dll and ssleay32.dll) into your mIRC directory, or you can extract them to your windows/system directory if you prefer.
NOTE: The library files provided above were compiled from the OpenSSL 0.9.8I sources. If you know how to and prefer to compile your own, you can do that as well.
After you have placed libeay32.dll and ssleay32.dll in your mIRC directory, shutdown mIRC and restart it, then it should automatically find the library files and load them. To make sure your copy of mIRC will now work with SSL, you can check the $sslready variable (type //echo $sslready in your status window, and mIRC should return $true if the OpenSSL libraries are properly loaded).
We use ports 6697 and 9999 for all incoming TLS/SSL client connections, so to connect using SSL just use /server irc.darenet.org +6697 (the plus sign is required for SSL connections).
An example:
/server irc.darenet.org +6697
After you have connected, you can verify that you are connected with SSL using the $ssl variable in mIRC (type //echo $ssl in your status window, and mIRC should return $true).Another way to see if you are connected with SSL is to /WHOIS yourself by typing /WHOIS YourNick, and in your WHOIS output you will see a line like this:
YourNick is using a secure connection
If you are using an mIRC version older than 6.14, then the above instructions do not apply to you. You should upgrade to the latest mIRC version. If for some reason you want to keep your current version of mIRC, then you will have to use an SSL tunnel, like StunTour.
TLS/SSL-only channels
DareNET's servers support channel mode +Z, which means only users connected using an encrypted connection will be allowed to join the channel. This is useful for those who want to ensure that their communications on the channel are entirely secure.
Why the need for secure connections?
DareNET/IRC is used by many organizations that need to communicate over secure connections, everything from corporate to governmental. Various educational organizations that provide online teaching also require communications to be secure for privacy purposes. Apart from that, many individuals around the world also depend on secure communications, whether for political, business, or other reasons. At the end of the day, it really depends on your own personal needs. If it's not something that you think you need, then you probably don't!
