[ircd-ratbox] Request For Feature: IRCS (IRC-over-SSL)

Paul-Andrew Joseph Miseiko esoteric at teardrop.ca
Tue May 17 11:45:51 EDT 2005

Let's be serious... they removed support for Server-to-Server SSL 
connections so what honestly makes you believe they would add 
Client-to-Server SSL support?

As for SILC, you meant to say it is a new protocol, much younger than IRC, 
and as a result, lacks the community and support that exist for IRC. 
Unless, in some obscure implementation of the English language, "nowhere 
as new" means the aforementioned.

Ralf, make sure you are running stunnel as an unprivileged user.

You would probably have more luck getting stunnel and ratbox to 
communicate via IPC to share the host information than getting SSL support 
in ratbox... <laughs> ;) [that's a joke, if you reply about it I'll ignore 
you, kthxbye]

Paul-Andrew Joseph Miseiko

On Tue, 17 May 2005, Rachel Llorenna wrote:

> I've spoken to Aaron (AndroSyn) personally a while ago, and he's
> looking into implementing IRC over SSL. One of the major things that
> needs to be considered is the amount of processing power that SSL
> requires. AndroSyn (and I would think anfl, too) want to make sure
> that anything they release is efficient; SSL is no different.
> If client-to-server SSL is implemented, they want to make sure that it
> doesn't eat up too much CPU time (particularly as ratbox is used
> widely on EFnet.) I'm sure SSL is somewhere on their To-Do list, but I
> don't know what priority it has at the moment.
> ircd-ratbox isn't really intended for smaller networks (although it
> works for them just fine) as much as it is designed for EFnet.
> However, I don't see a problem in implementing this using an
> --enable-ssl or similar flag, until it is fast enough to be used all
> over EFnet.
> Either way, IRC over SSL really only provides limited security; if
> your server is compromised (or any server on your network) then any
> data passing through it can be read in plaintext. If you're really
> looking for a secure solution, look into something like SILC. SILC,
> however, is nowhere as new as IRC as a protocol, and the client
> support is nearly nonexistent. There are plugins for irssi and Gaim
> that I'm aware of, though.
> On 5/17/05, Ralf S. Engelschall <rse at engelschall.com> wrote:
>> On irc.openpkg.net we are using the IRCS (IRC-over-SSL) protocol
>> (only). Unfortunately, ircd-ratbox currently still does not support
>> IRCS natively while other IRC daemons (e.g. Unreal, etc) already do.
>> Hence, we are using STunnel in front of ircd-ratbox. This works fine and
>> without any problems.
>> There is just one little issue: ircd-ratbox now receives connections
>> from localhost/ only and this way some useful access control
>> and authentication features are not available. Additionally, STunnel
>> just adds some complexity to such a setup which could be avoided.
>> Hence, my Request For Feature is for native SSL/TLS support
>> in ircd-ratbox. Something like this older patch under
>> http://www.wohmart.com/ircd/pub/ratbox/3-Feature/ssl/ but for the latest
>> version, of course. ircd-ratbox already (optionally) uses OpenSSL's
>> libcrypto (for the challenge/response functionality), so the next
>> obvious step would be to use libssl for supporting IRCS anyway ;-)
>> Although I know OpenSSL myself a little bit ;-) I've no more time
>> available for those hacks. So, is someone else already working on this
>> or at least planning to work on this? This would be a rather cool thing
>> for ircd-ratbox...
>>                                        Ralf S. Engelschall
>>                                        rse at engelschall.com
>>                                        www.engelschall.com
