7.1-current SSL

Tim timwoj at ieee.org
Tue Nov 16 07:44:50 EST 2004


On Nov 16, 2004, at 1:33 AM, Bill Bierman wrote:

> Hey folks.  I'm really pleased to see this discussing going on.  I for 
> one would love to, at some point, have some client <-> server 
> encryption available for a server admin to provide as (s)he sees fit.  
> A couple of thoughts below...
>
> Marcin Kulas wrote:
>
>> PS.
>> I'd really appreciate if hybrid team published official, working
>> and tested SSL patch for h7.1. Hope there's much more people like me.
>>
> We have discussed including this, but have not yet reached a 
> conclusion.  If people have a patch they would like to submit for 
> inclusion into the contrib/ directory, please make note of this in 
> your postings to this list.  I have not personally looked at the patch 
> this thread is revolving around, nor have any of the other developers 
> to my knowledge, but if it's author is sufficiently confident in it's 
> readiness to be distributed, I will try to give it a looking over.
>
> Also, for those who crave SSL, and cannot understand why it has not 
> been included in ircd-hybrid as yet, I pose to you this request.  The 
> main roadblock, at least in my opinion, is that there has not been a 
> standardized method for IRC over SSL.  Has this changed?  As I 
> understand it there are a few ircds these days which support SSL.  Do 
> they all speak the same language?  Maintaining standards and 
> compatibility is a very crucial focus in an ircd's development.  If we 
> implement SSL one way, and another ircd implements it another way, 
> that is two seperate protocols that a given client must be able to 
> detect, and adapt to, and ultimately communicate effectively with.
>
> Cheers,
>
> Bill
>

As far as I can tell from my minor bit of SSL work with IRC, connecting 
via SSL is fairly standard.  It's simply the exact same protocol 
wrapped in encryption.  This means that the clients only have to 
implement that wrapping (the extra connection parts, and calling 
SSL_write/read).  This also means that the SSL calls don't have to be 
in the client itself, but can be done through an SSL proxy like 
stunnel.  I have an SSL patch for hyrid-7.0.3 that I've been using on a 
small network for about 6 months, with multiple clients including 
tunneled ones, and they've all been working fine.  I also connect to 
two other networks with different ircd's that support SSL, and they 
both work fine as well.

Tim




More information about the hybrid mailing list