OpenSSL in current Hybrid 7.2.x tree non-functional?

David A. Desrosiers david.a.desrosiers at gmail.com
Sat Apr 11 13:36:46 EDT 2009


I can confirm the issue stated in this thread:

http://lists.ircd-hybrid.org/pipermail/hybrid/2009-January/001244.html

I've tried to run the current trunk and 7.2.x as well as the default
version shipped with Debian and none of them appear to be listening
for connections on port 994 at all. My server is configured as
follows:

serverinfo {
        name                    = "my-internal-server.com";
        description             = "My Internal Server";
        hub                     = yes;
        rsa_private_key_file    = "/usr/local/irc/etc/server.key";
        ssl_cert_file           = "/usr/local/irc/etc/server.crt";
};

listen {
        flags   = hidden, ssl;
        port    = 994;
        ssl     = yes;
};

listen {
        port    = 6667;
        ssl     = no;
};

What is interesting, however, is the broken openssl that has been
shipping recently (upstream and in distros):

# openssl s_server -ssl3 -accept 6666 -nocert -bugs -chain -timeout
Using default temp DH parameters
Using default temp ECDH parameters
ACCEPT

And then when I connect to that from another openssl session:

# openssl s_client -ssl3 -no_ssl2 -showcerts -connect 10.0.1.4:6666
CONNECTED(00000003)
15249:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert
handshake failure:s3_pkt.c:1053:SSL alert number 40
15249:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake
failure:s3_pkt.c:530:

Which returns this on the s_server side:

ERROR
15247:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared
cipher:s3_srvr.c:1006:
shutting down SSL
CONNECTION CLOSED

This /used to/ work, when I was using the linuxnet ircd hybrid
codebase a few years ago, but now using the current upstream codebase,
I can no longer get ircs sessions started or authenticated.

Can anyone help?
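
The error lines quoted in the message above can be decoded mechanically. The following is an added example, not part of the original post and not code from ircd-hybrid or OpenSSL. It assumes the OpenSSL 0.9.8/1.0.x packed error layout (8-bit library, 12-bit function, 12-bit reason) and that SSL reason codes of 1000 and above report an alert received from the peer; the names `RECORD`, `explain` and `decode` are hypothetical.

```python
import re

# Assumed layout (OpenSSL 0.9.8/1.0.x): ERR_PACK(lib, func, reason) packs
# 8 bits of library, 12 bits of function and 12 bits of reason code.
ERR_LIB_SSL = 20
SSL_AD_REASON_OFFSET = 1000  # SSL reason >= 1000: alert (reason - 1000) received from peer

RECORD = re.compile(
    r"(?P<pid>\d+):error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):(?P<func>[^:]*):"
    r"(?P<reason>[^:]*):(?P<file>[^:]*):(?P<line>\d+):(?P<extra>.*)$")

def explain(m):
    """Split the packed code of one matched record into its fields."""
    code = int(m["code"], 16)
    rec = {"pid": int(m["pid"]), "lib": (code >> 24) & 0xFF,
           "func": (code >> 12) & 0xFFF, "reason": code & 0xFFF,
           "text": m["reason"], "where": f'{m["file"]}:{m["line"]}', "alert": None}
    if rec["lib"] == ERR_LIB_SSL and rec["reason"] >= SSL_AD_REASON_OFFSET:
        rec["alert"] = rec["reason"] - SSL_AD_REASON_OFFSET
    return rec

def decode(text):
    """Parse error-queue lines, rejoining records a mail client wrapped."""
    out, pending = [], None
    for raw in text.splitlines():
        raw = raw.strip()
        if re.match(r"\d+:error:", raw):
            pending = raw                      # start of a new record
        elif pending is not None:
            pending += " " + raw               # continuation of a wrapped record
        else:
            continue                           # unrelated output (ERROR, CONNECTED, ...)
        m = RECORD.match(pending)
        if m:
            out.append(explain(m))
            pending = None
    return out

# Error text from the post above (client side first, then server side),
# with the line wrapping of the archived mail.
SAMPLE = """\
15249:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert
handshake failure:s3_pkt.c:1053:SSL alert number 40
15249:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake
failure:s3_pkt.c:530:
ERROR
15247:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared
cipher:s3_srvr.c:1006:
shutting down SSL
"""

if __name__ == "__main__":
    for r in decode(SAMPLE):
        origin = f"alert {r['alert']} from peer" if r["alert"] is not None else "raised locally"
        print(f"pid {r['pid']} func {r['func']} reason {r['reason']} ({r['text']}) at {r['where']}: {origin}")
```

In the decoded output, reason 1040 on the client is alert 40 received from the server, while reason 193 on the server is the locally raised "no shared cipher". The OpenSSL documentation states that the `-nocert` option of `s_server` restricts the available cipher suites to the anonymous ones.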


