This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
help:connecting:ssl [2007/02/13 14:14] rubin |
help:connecting:ssl [2020/04/08 12:41] rubin |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== Connecting with SSL Encryption ====== | ====== Connecting with SSL Encryption ====== | ||
+ | |||
===== Introduction ===== | ===== Introduction ===== | ||
- | This is a guide to help you configure your IRC client software to connect to AfterNET using SSL encryption. Our primary focus is on xchat, because that is what we use most, but it should help you get going with stunnel, mirc and other software as well. | + | This is a guide to help you configure your IRC client software to connect to AfterNET using SSL encryption. |
==== Why encryption ==== | ==== Why encryption ==== | ||
- | Our SSL encryption support is intended to protect you from those on __your local network__ intercepting passwords or reading your conversations. Essentially we want you to be able to login to your account(s) over wifi and speak poorly of your boss without fear of snooping. It is __NOT__ end-to-end security and you should never use IRC to discuss company secrets or anything truly of value. | + | Our SSL encryption support is intended to protect you from those on __your local network__ intercepting passwords or reading your conversations. Essentially we want you to be able to login to your account(s) over wifi and speak poorly of your boss without fear of snooping. It is __NOT__ end-to-end security and you should never use IRC to discuss company secrets or anything truly of value. |
==== Enabling encryption ==== | ==== Enabling encryption ==== | ||
- | Our servers have SSL enabled on port 9998. So to begin with, you simply configure your IRC client to connect to the server named **ssl.afternet.org** on port **9998** and select the 'use encryption' | + | Our servers have SSL enabled on ports 6697 and 9998. **We support only TLS1.2** which means some older clients will not be able to use SSL if they can only do SSLv3 or TLS1. See our [[: |
- | + | ||
- | + | ||
- | ==== Verifying identity ==== | + | |
- | === Why? === | + | |
- | For technical reasons (see [[Wp> | + | |
- | + | ||
- | In your web browser, there is a list of respectable certificate authorities who verify the ownership of companies and issue certificates to them for a fee. IRC software doesn' | + | |
- | You can choose to not bother with installing our CA on your system, but then you have to configure your IRC software to accept invalid certificates, | + | Configure |
- | === Installing The AfterNET CA === | + | === hexchat |
- | == Windows == | + | In the "hexchat -> Network List.." |
- | The [[http:// | + | |
- | NOTE In silverex xchat 2.6.8-1 | + | === ZNC === |
+ | In the ZNC bouncer, add a ' | ||
- | If you install X chat on another drive besides C, you need to put the certificate on that drive instead. | + | === mIRC === |
+ | Make sure you have the latest version. Old versions have insecure ssl libraries which have been blocked. | ||
- | If you have some more native windows IRC client that uses the built-in windows CA scheme, you could download | + | To [[http://www.mirc.com/ssl.html|enable SSL in mirc]] use the -e switch in the ''/ |
- | == Linux: | + | ==== Certificate Authority ==== |
- | Copy the [[https://www.afternet.org/ | + | Our server certificates are signed by [[https://letsencrypt.org]] |
- | NOTE: you **must** rename the file (or symlink it) from afternetca.cer to 90511bdb.0 for it to work. The certificate is looked for by this name because that is its ' | ||