Difference between revisions of "TLS"
Line 12: | Line 12: | ||
All Rizon servers allow SSL connections on ports '''6697''' and '''9999'''. | All Rizon servers allow SSL connections on ports '''6697''' and '''9999'''. | ||
Note: your client needs to support '''TLS version | Note: your client needs to support '''TLS version v1.2 or higher''', an older version is '''not''' supported! | ||
OpenSSL added support for TLS v1.2 to version 1.0.1 back in 2012, make sure your client uses | |||
==Setting up your client for SSL/TLS== | ==Setting up your client for SSL/TLS== | ||
Line 23: | Line 24: | ||
===mIRC=== | ===mIRC=== | ||
''You need at least version v7.24, released 26/05/2012 to be able to connect to Rizon!'' | |||
First, verify that SSL is enabled in your mIRC by typing <code>//echo -a $sslready</code> which should return '''<big><kbd>$true</kbd></big>'''; otherwise, check [https://www.mirc.com/ssl.html mIRC's official documentation]. | First, verify that SSL is enabled in your mIRC by typing <code>//echo -a $sslready</code> which should return '''<big><kbd>$true</kbd></big>'''; otherwise, check [https://www.mirc.com/ssl.html mIRC's official documentation]. | ||
Revision as of 12:50, 12 April 2022
TLS (Transport Layer Security), also known as SSL (Secure Sockets Layer), is a method of encrypting your communications so that other parties cannot tamper with or read your messages. It is suggested that you connect to Rizon using encryption if possible. Instructions on how to do this are provided for many popular IRC clients below.
Connecting with SSL
Typically, your client will have a connection dialogue, which may:
- ask you if you wish to connect with SSL as one of the options;
- allow you to pass a
-tls
, or-ssl
, argument as part of the connect command;- Example:
/connect -tls irc.rizon.net 6697
- Example:
- or use a
+
in front of the port number.- Example:
/server irc.rizon.net +6697
- Example:
All Rizon servers allow SSL connections on ports 6697 and 9999.
Note: your client needs to support TLS version v1.2 or higher, an older version is not supported! OpenSSL added support for TLS v1.2 to version 1.0.1 back in 2012, make sure your client uses
Setting up your client for SSL/TLS
You can connect securely to Rizon by setting your client to connect to irc.rizon.net with either port 6697 or port 9999. Client-specific instructions are listed below for your convenience.
Example of what your mIRC settings can look like.
Example of what your HexChat settings can look like.
Example of what your KVIrc settings can look like.
mIRC
You need at least version v7.24, released 26/05/2012 to be able to connect to Rizon!
First, verify that SSL is enabled in your mIRC by typing //echo -a $sslready
which should return $true; otherwise, check mIRC's official documentation.
The latest versions of mIRC now include OpenSSL by default. To always connect to Rizon with SSL:
- Tools → Options... (or press Alt + O) to open the Options dialogue box.
- Go to Connect → Servers.
- Under IRC Servers:, find and expand Rizon group, and select one of the connection items of that group; then, press Edit
- In the Ports: field, type in
+6697,+9999
. Then, press OK and (re)connect.
Alternatively, you can temporarily connect with SSL by typing /server irc.rizon.net +6697
or /server -e irc.rizon.net 6697
Kiwi IRC
- This first step is optional, but crucial to maintain secure connections at all parts.
- Be sure that you've browsed to KiwiIRC using secure HTTPS; i.e.,
https://kiwiirc.com/
- Be sure that you've browsed to KiwiIRC using secure HTTPS; i.e.,
- Secure connection to Rizon network is pre-set on KiwiIRC (by the time of updating these guides). So, directly select RIZON off KiwiIRC home page, where you get to type in your nick (and password, if registered with Rizon), before pressing Start
Mibbit
SSL can be used via Mibbit by clicking on the Server link on the connection dialogue, and by using +6697 as the port.
QWebIRC
Rizon's QWebIRC automatically uses SSL when connecting via https.
IRCCloud
IRCCloud is using a secure connection by default. You can verify this by editing the network — the checkbox named Secure port has to be enabled, and the Port field has to be either 6697 or 9999
HexChat
To ensure that you are connecting via SSL you can enable the checkbox named Use SSL for all the servers on this network, and disable Accept invalid SSL certificate by editing the network details in the network list. Make sure that, if HexChat is set to connect to a specific port that it's either 6697 or 9999; e.g., irc.rizon.net/6697
Irssi
To make sure Irssi uses SSL and verifies the authenticity of the certificate, you need to enable certificate verification. You can do this by connecting using the -ssl -ssl_verify
flags. Users of Irssi version ≥ 0.8.21 are encouraged to use -tls -tls_verify
instead.
WeeChat
To make sure WeeChat verifies certificates, you'll need to use the following:
-ssl_verify
on both /server and /connect commands./set irc.server.ServerName.ssl_verify true
via either /iset or /set commands.
You'd then use either irc.rizon.net/6697
or irc.rizon.net/9999
as the server address.
KVIrc
You can pass the -s
flag upon connecting, in order to connect using SSL. The full command will look like this: /server -s irc.rizon.net
ZNC
Using ZNC webadmin
- After logging in to the webadmin; a.k.a., webpanel, go to Your Settings → Networks → Edit.
- Make sure Servers of this IRC network is set to
irc.rizon.net:+6697
.
You may need to reconnect your client to activate the new settings. You can do this by typing /znc jump
after connecting to your ZNC.
Ensuring both sides are SSL/TLS
The instructions above make sure you are connected to the IRC network using SSL/TLS. To be sure that your connection to your ZNC is using SSL/TLS as well:
- Log in to the webadmin as administrator
- Go to Global Settings → Listen Port(s), and make sure that the SSL checkbox is ticked.
You can now connect using SSL/TLS to your ZNC on that port.
RizonBNC
RizonBNC allows SSL/TLS connections via port 12345 only.
Verify if SSL/TLS is in use
When you followed the steps above and still asking yourself if you are connecting with SSL you can use the /whois Nick
command, where Nick is your username. The following is an example output:
Nick is user@Rizon-ABCDEF.example.com *** Nick on #Rizon Nick using irc.rizon.net - Where are you? Nick is using a secure connection Nick is using modes +ix authflags: [none] Nick is actually user@xyz.example.com [192.0.2.10] Nick has been idle 2mins 8secs, signed on Wed Dec 03 03:57:45 Nick End of /WHOIS list.
You should see the following line:
Nick is using a secure connection
SSL/TLS-Only Channels
Channels can be set to only allow users that are connected using a secure connection. This can be enabled by setting the channel mode +S.
Users not using a secure connection, that attempt to join the channel, will get an error message like this one:
#chat Cannot join channel (+S)
SSL Certificates in CertFP and SASL
SSL/TLS (client) certificates can be used to automatically identify with NickServ. This is a separate concept than what is discussed in this article. Read more about this on the CertFP or SASL EXTERNAL page.