Difference between revisions of "SSL"
From MIXXnet Wiki
m (Updated CA cert link) |
(Added more clients that support SSL and minor cleanup) |
||
Line 26: | Line 26: | ||
===Channel Protection=== | ===Channel Protection=== | ||
− | In a secure channel, all of the users must have SSL enabled for the channel to be secure. If one user isn't secure, then all the messages will go to that user unencrypted. '''SSL users and non-SSL users can co-exist on the same channel.''' If you wish to limit your channel to only people using SSL, you | + | In a secure channel, all of the users must have SSL enabled for the channel to be secure. If one user isn't secure, then all the messages will go to that user unencrypted. '''SSL users and non-SSL users can co-exist on the same channel.''' If you wish to limit your channel to only people using SSL, you can set the channel mode +z (/mode #channel +z). The +z mode prevents non-SSL users from joining the channel. If a non-SSL user does try to join, (s)he will see this message: |
<nowiki>#channel unable to join channel (not using secure connection)</nowiki> | <nowiki>#channel unable to join channel (not using secure connection)</nowiki> | ||
Line 36: | Line 36: | ||
If you have SSL enabled, choose a server from the '''Servers''' section above. Type: /server servername.xx.xx.mixnet.net +port. The '+' sign is important because it tells mIRC to use SSL. | If you have SSL enabled, choose a server from the '''Servers''' section above. Type: /server servername.xx.xx.mixnet.net +port. The '+' sign is important because it tells mIRC to use SSL. | ||
− | When trying to connect to a SSL enabled server, you may be presented with a dialog that says the SSL certificate is invalid. As long as the certificate has not expired and the | + | When trying to connect to a SSL enabled server, you may be presented with a dialog that says the SSL certificate is invalid. As long as the certificate has not expired and the domain name matches, the certificate is OK. The reason you are seeing this dialog is because MIXXnet acts as its own certificate authority. |
===XChat=== | ===XChat=== | ||
− | To use SSL in [[XChat]], click '''X-Chat->Server List...'''. Next, click on MIXXnet and '''Edit | + | To use SSL in [[XChat]], click '''X-Chat->Server List...'''. Next, click on MIXXnet and '''Edit'''. Then select the two check boxes that say, '''Use SSL for all servers on this network''' and '''Accept invalid SSL certificate''' as shown below. |
− | + | ||
− | + | ||
− | + | ||
− | + | ||
[[Image:ssl_setup_xchat.png|thumb|250px|Screenshot of X-Chat with SSL enabled.]] | [[Image:ssl_setup_xchat.png|thumb|250px|Screenshot of X-Chat with SSL enabled.]] | ||
− | === | + | ===Irssi=== |
− | The use of SSL in | + | The use of SSL in Irssi is ''very'' simple. All you need to do is type the following commands into the status window:<br> |
/set use_ssl on<br> | /set use_ssl on<br> | ||
/set ssl_verify on<br> | /set ssl_verify on<br> | ||
Line 55: | Line 51: | ||
===Other Clients=== | ===Other Clients=== | ||
− | Other clients that support SSL include BitchX. | + | Other clients that support SSL include [http://www.bitchx.org BitchX], [http://weechat.flashtux.org/ WeeChat], [http://www.kvirc.de/ KVirc], [http://pidgin.im Pidgin], [http://colloquy.info/ Colloquy], [http://www.opera.com Opera], [http://www.ircle.com/ Ircle], and [http://www.snak.com/ Snak] to name a few. |
Line 64: | Line 60: | ||
*[http://www.mirc.co.uk/ssl.html Using SSL with mIRC] | *[http://www.mirc.co.uk/ssl.html Using SSL with mIRC] | ||
*[http://irssi.org irssi Website] | *[http://irssi.org irssi Website] | ||
− | |||
*[http://en.wikipedia.org/wiki/Transport_Layer_Security SSL Wikipedia Page] | *[http://en.wikipedia.org/wiki/Transport_Layer_Security SSL Wikipedia Page] | ||
[[Category:Services]] | [[Category:Services]] |
Revision as of 22:20, 24 May 2009
Secure Sockets Layer (SSL) is a cryptographic protocol which provides secure communication on the Internet.
Contents
Connection Information
Users may connect to MIXXnet using any server that supports SSL. The default port is 6697 unless listed otherwise.
You may download a copy of the CA certificate MIXXnet uses here. This file can be imported into some clients which allows for a "trusted" connection. It is not necessary for you to do this, but the option is available to you.
On December 23, 2005, MIXXnet introduced a new round-robin address for SSL connectivity (irc.ssl.mixxnet.net). As of February 11, 2006, all servers in the irc.mixxnet.net round-robin have SSL support. The use of irc.ssl.mixxnet.net is obsolete and depreciated.
Security Information
When you use SSL, you are establishing a secure connection between you and the server. As of February 11, 2006, MIXXnet operates with full SSL support including client-to-server connections and server-to-server links.
Servers
ALL MIXXnet servers support SSL from client-to-server and from server-to-server.
User & Channel Information
Identification
To check to see if a user is using SSL, you whois that user. A secured user's whois would look something like:
Chris is chris@staff.mixxnet.net * Chris
Chris using anjuna.il.us.mixxnet.net Anjunabeats MIXXnet IRC Server
Chris is using a Secure Connection
Chirs End of /WHOIS list.
This means that the user "Chris" is using SSL on anjuna.il.us.mixxnet.net.
Channel Protection
In a secure channel, all of the users must have SSL enabled for the channel to be secure. If one user isn't secure, then all the messages will go to that user unencrypted. SSL users and non-SSL users can co-exist on the same channel. If you wish to limit your channel to only people using SSL, you can set the channel mode +z (/mode #channel +z). The +z mode prevents non-SSL users from joining the channel. If a non-SSL user does try to join, (s)he will see this message:
#channel unable to join channel (not using secure connection)
Setup
mIRC
mIRC requires that you have the Windows version of OpenSSL installed on your system. You can download OpenSSL for Windows at this website. More information on how to install OpenSSL for Windows is beyond the scope of this document. To check if you've installed OpenSSL correctly, look for the SSL button in the mIRC Options window as shown below.
If you have SSL enabled, choose a server from the Servers section above. Type: /server servername.xx.xx.mixnet.net +port. The '+' sign is important because it tells mIRC to use SSL.
When trying to connect to a SSL enabled server, you may be presented with a dialog that says the SSL certificate is invalid. As long as the certificate has not expired and the domain name matches, the certificate is OK. The reason you are seeing this dialog is because MIXXnet acts as its own certificate authority.
XChat
To use SSL in XChat, click X-Chat->Server List.... Next, click on MIXXnet and Edit. Then select the two check boxes that say, Use SSL for all servers on this network and Accept invalid SSL certificate as shown below.
Irssi
The use of SSL in Irssi is very simple. All you need to do is type the following commands into the status window:
/set use_ssl on
/set ssl_verify on
/save
After you have done these, you need to pass the -ssl flag to /connect when connecting to an SSL enabled server. For example:
/connect -ssl anjuna.il.us.mixxnet.net 6697
Other Clients
Other clients that support SSL include BitchX, WeeChat, KVirc, Pidgin, Colloquy, Opera, Ircle, and Snak to name a few.