From MIXXnet Wiki
Secure Sockets Layer (SSL) is a cryptographic protocol which provides secure communication on the Internet.
Users may connect to MIXXnet using any server that supports SSL. The default port is 6697 unless listed otherwise.
You may download a copy of the CA certificate MIXXnet uses here. This file can be imported into some clients which allows for a "trusted" connection. It is not necessary for you to do this, but the option is available to you.
On December 23, 2005, MIXXnet introduced a new round-robin address for SSL connectivity (irc.ssl.mixxnet.net). As of February 11, 2006, all servers in the irc.mixxnet.net round-robin have SSL support. The use of irc.ssl.mixxnet.net is obsolete and depreciated.
When you use SSL, you are establishing a secure connection between you and the server. What some people do not realize is that when one server talks to another server, they are talking on an unencrypted line. This means that if Alice (on an SSL server) sends a message to Bob (on a non-SSL server), the message is not secure. For it to be secure, Alice and Bob both need to have SSL connections on the same server. MIXXnet plans to have all connections between all servers SSL secured in the very near future.
Currently, the following servers support SSL:
- Anjuna (6697)
- Ausnix (6697)
- Blackdiamond (6697)
- Cerebrum (6697)
- Fluxed (6697)
- GNS (6697)
- Ninjutsu (6697)
- Rapier (6697)
- Secteam (6697)
SSL needs to be enabled on all server-to-server links as explained in the section above. Below is a list of servers who have SSL enabled for server-to-server connections.
User & Channel Information
To check to see if a user is using SSL, you whois that user. A secured user's whois would look something like:
alex323 is firstname.lastname@example.org * Alex
alex323 using ninjutsu.ca.us.mixxnet.net MIXXnet California - Hosted by Linode.com
alex323 is using a Secure Connection
alex323 End of /WHOIS list.
This means that the user "alex323" is using SSL on ninjutsu.ca.us.mixxnet.net.
In a secure channel, all of the users must have SSL enabled for the channel to be secure. If one user isn't secure, then all the messages will go to that user unencrypted. SSL users and non-SSL users can co-exist on the same channel. If you wish to limit your channel to only people using SSL, you need to set the channel mode +z (/mode #channel +z). The +z mode prevents non-SSL users from joining the channel. If a non-SSL user does try to join, (s)he will see this message:
#channel unable to join channel (not using secure connection)
mIRC requires that you have the Windows version of OpenSSL installed on your system. You can download OpenSSL for Windows at this website. More information on how to install OpenSSL for Windows is beyond the scope of this document. To check if you've installed OpenSSL correctly, look for the SSL button in the mIRC Options window as shown below.
If you have SSL enabled, choose a server from the Servers section above. Type: /server servername.xx.xx.mixnet.net +port. The '+' sign is important because it tells mIRC to use SSL.
When trying to connect to a SSL enabled server, you may be presented with a dialog that says the SSL certificate is invalid. As long as the certificate has not expired and the domian name matches, the certificate is OK. The reason you are seeing this dialog is because MIXXnet signs its own SSL certificates.
To use SSL in XChat, click X-Chat->Server List.... Next, click on MIXXnet and Edit.. (Note: you may not have MIXXnet on your server list. If you don't, you can just click Close and type: /server servername.xx.xx.mixnet.net +port). Then select the two check boxes that say, Use SSL for all servers on this network and Accept invalid SSL certificate as shown below.
Other clients that support SSL include irssi and BitchX.
The official SSL channel of MIXXnet is #secure. You can come join us when you have SSL set up.
Other secure channels include: