forked from azzurra/bahamut
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathSSL
More file actions
53 lines (42 loc) · 2.32 KB
/
SSL
File metadata and controls
53 lines (42 loc) · 2.32 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
#
# Small SSL FAQ
#
Q: What do I need in order to compile SSL support into bahamut-inet6 ?
A: You need the openssl library, a freely-available SSL implementation.
You can download it from http://www.openssl.org
Q: Which version should I install ?
A: I suggest you install 0.9.6e or later, because previous versions
contain remote vulnerabilities.
Q: Where do I have to install the openssl library ?
A: The config script looks for the library in the most obvious locations:
/usr /usr/local/ssl /usr/local/openssl /usr/local /opt/ssl /opt/openssl
You must install the library in one of these directories (I suggest /usr/local ).
Q: How do I compile in SSL support ?
A: When you run configure, it will ask you if you want to install it or not.
Simply answer 'yes' to that question. Note that if you answer 'yes' and you
didn`t install the openssl library, the config script will tell you so and
return an error.
Q: I succesfully compiled in SSL support, how do I enable it at runtime ?
A: You must open a port for SSL connections. On our network we use port 9999.
Why? Because the 'official assigned port' for irc over ssl is 994, and we
don't want to run ircd as root, nor do we want to alter the code so that
it binds the port and drops root privileges.
If you want to run the ircd as root, you can use port 994.
In either case, you need an extra P:line in your ircd.conf, like this:
P:*:IP:SSL:PORT
e.g. to bind port 9999 on 192.168.1.1, you would use:
P:*:192.168.1.1:SSL:9999
Q: How do I connect to my server using SSL ?
A: Use an SSL-enabled client (X-Chat from http://xchat.org is one) or use stunnel,
the universal SSL wrapper (http://www.stunnel.org).
Q: How can I tell if a user is connecting to my server via SSL ?
A: All SSL users are set +S when connecting. +S is a usermode that
cannot be set or removed manually.
Normal users only need to do a WHOIS on someone to know if they're connecting
via SSL. If they are, an extra line will be shown:
-!- user is using a secure connection (SSL)
The raw used here is 275.
IRC Operators can list all users connecting via SSL to the network by typing
/who -m S
Q: I have questions not answered here, what can I do ?
A: Mail me at vjt@users.sf.net and I will answer them as best as I can.