Difference between revisions of "SSL"
From MIXXnet Wiki
m (disambiguity fix)
m (Removed ETN from links list. It was added by mistake)
|Line 20:||Line 20:|
Revision as of 16:06, 11 September 2005
Secure Sockets Layer (SSL) is a cryptographic protocol which provides secure communication on the Internet.
Users may connect to MIXXnet using any server that supports SSL. The default port is 6697 unless listed otherwise.
When you use SSL, you are establishing a secure connection between you and the server. What some people do not realize is that when one server talks to another server, they are talking on an unencrypted line. This means that if Alice (on an SSL server) sends a message to Bob (on a non-SSL server), the message is not secure. For it to be secure, Alice and Bob both need to have SSL connections on the same server. MIXXnet plans to have all connections between all servers SSL secured in the very near future.
Currently, the following servers support SSL:
SSL needs to be enabled on all server-to-server links as explained in the section above. Below is a list of servers who have SSL enabled for server-to-server connections.
(This hub does not have any SSL enabled links)
User & Channel Information
To check to see if a user is using SSL, you whois that user. A secured user's whois would look something like:
alex323 is firstname.lastname@example.org * Alex
alex323 using ninjutsu.ca.us.mixxnet.net MIXXnet California - Hosted by Linode.com
alex323 is using a Secure Connection
alex323 End of /WHOIS list.
This means that the user "alex323" is using SSL on ninjutsu.ca.us.mixxnet.net.
In a secure channel, all of the users must have SSL enabled for the channel to be secure. If one user isn't secure, then all the messages will go to that user unencrypted. If you wish to limit your channel to only people using SSL, you need to set the channel mode +z (/mode #channel +z). The +z mode prevents non-SSL users from joining the channel. If a non-SSL user does try to join, (s)he will see this message:
#channel unable to join channel (not using secure connection)
mIRC requires that you have the Windows version of OpenSSL installed on your system. You can download OpenSSL for Windows at this website. More information on how to install OpenSSL for Windows is beyond the scope of this document. To check if you've installed OpenSSL correctly, look for the SSL button in the mIRC Options window as shown below.
If you have SSL enabled, choose a server from the Servers section above. Type: /server servername.xx.xx.mixnet.net +port. The '+' sign is important because it tells mIRC to use SSL.
When trying to connect to a SSL enabled server, you may be presented with a dialog that says the SSL certificate is invalid. As long as the certificate has not expired and the domian name matches, the certificate is OK. The reason you are seeing this dialog is because MIXXnet signs its own SSL certificates.
To use SSL in X-Chat, click X-Chat->Server List.... Next, click on MIXXnet and Edit.. (Note: you may not have MIXXnet on your server list. If you don't, you can just click Close and type: /server servername.xx.xx.mixnet.net +port). Then select the two check boxes that say, Use SSL for all servers on this network and Accept invalid SSL certificate as shown below.
Other clients that support SSL include irssi and BitchX.
The official SSL channel of MIXXnet is #secure. You can come join us when you have SSL set up.
Other secure channels include: