[ircd-ratbox] Request For Feature: IRCS (IRC-over-SSL)

Rachel Llorenna rachies at gmail.com
Tue May 17 07:34:24 EDT 2005


I've spoken to Aaron (AndroSyn) personally awhile ago, and he's
looking into implementing IRC over SSL. One of the major things that
needs to be considered is the amount of processing power that SSL
requires. AndroSyn (and I would think anfl, too) want to make sure
that anything they release is efficient; SSL is no different.

If client-to-server SSL is implemented, they want to make sure that it
doesn't eat up too much CPU time (particularly as ratbox is used
widely on EFnet.) I'm sure SSL is somewhere on their To-Do list, but I
don't know what priority it has at the moment.

ircd-ratbox isn't really intended for smaller networks (although it
works for them just fine) as much as it is designed for EFnet.
However, I don't see a problem in implementing this using an
--enable-ssl or similar flag, until it is fast enough to be used all
over EFnet.

Either way, IRC over SSL really only provides limited security; if
your server is compromised (or any server on your network) then any
data passing through it can be read in plaintext. If you're really
looking for a secure solution, look into something like SILC. SILC,
however, is nowhere as new as IRC as a protocol, and the client
support is nearly nonexistant. There are plugins for issi and Gaim
that I'm aware of, though.

On 5/17/05, Ralf S. Engelschall <rse at engelschall.com> wrote:
> On irc.openpkg.net we are using the IRCS (IRC-over-SSL) protocol
> (only). Unfortunately, ircd-ratbox currently still does not support
> IRCS natively while other IRC daemons (e.g. Unreal, etc) already do.
> Hence, we are using STunnel in front of ircd-ratbox. This works fine and
> without any problems.
> 
> There is just one little issue: ircd-ratbox now receives connections
> from localhost/127.0.0.1 only and this way some useful access control
> and authentication features are not available. Additionally, STunnel
> just adds some complexity to such a setup which could be avoided.
> 
> Hence, my Request For Feature is for native SSL/TLS support
> in ircd-ratbox. Something like this older patch under
> http://www.wohmart.com/ircd/pub/ratbox/3-Feature/ssl/ but for the latest
> version, of course. ircd-ratbox already (optionally) uses OpenSSL's
> libcrypto (for the challenge/response functionality), so the next
> obvious step would be use libssl for supporting IRCS anyway ;-)
> 
> Although I know OpenSSL myself a little bit ;-) I've no more time
> available for those hacks. So, is someone else already working on this
> or at least planning to work on this? This would be a rather cool thing
> for ircd-ratbox...
>                                        Ralf S. Engelschall
>                                        rse at engelschall.com
>                                        www.engelschall.com
> 
> _______________________________________________
> ircd-ratbox mailing list
> ircd-ratbox at lists.ratbox.org
> http://lists.ratbox.org/cgi-bin/mailman/listinfo/ircd-ratbox
> 


-- 
Regards,

Rachel Llorenna (frequency)


More information about the ircd-ratbox mailing list