TLS (Transport Layer Security), also known as SSL (Secure Sockets Layer), is a method of encrypting your communications so that other parties cannot tamper with or read your messages. It is suggested that you connect to Rizon using encryption if possible. Instructions on how to do this are provided for many popular IRC clients below.
Connecting with SSL
Typically, your client will have a connection dialogue which may ask you if you wish to connect with SSL as one of the options, allow you to pass a -ssl argument as part of the connect command, or use a "+" in front of the port number. (i.e. "/server irc.rizon.net +6697", "/connect -ssl irc.rizon.net 6697")
All Rizon servers allow SSL connections on port 6697 and 9999.
Setting up your client for SSL
You can connect securely to Rizon by setting your client to connect to irc.rizon.net with either port 6697 or port 9999. Client-specific instructions are listed below for your convenience.
Example of what your mIRC settings can look like.
Example of what your HexChat settings can look like.
Example of what your KVIrc settings can look like.
mIRC's official documentation can be found here.
The latest versions of mIRC now include OpenSSL by default. You can enable it for Rizon by pressing
ALT+O to open the options window, then go to Connect → Servers. Click Edit on the Rizon network, and make sure the ports field is
Alternatively you can connect with SSL manually by typing
/server irc.rizon.net +6697 or
/server -e irc.rizon.net 6697
SSL on KiwiIRC can be used by clicking on the
Server & network link in KiwiIRC's client.
Allowing the user to select SSL and a separate port.
Connect to the client using
https:// to have all parts secure
SSL can be used via Mibbit by clicking on the "Server" link on the connection dialogue and by using "+6697" as the port.
Rizon's QWebIRC automatically uses SSL when connecting via https.
IRCCloud is using a secure connection by default. You can verify this by editing the network - the checkbox named Secure Port has to be enabled and the port has to be 6697 or 9999
To ensure that you are connecting via SSL you can enable the checkbox named Use SSL for all the servers on this network and disable "Accept invalid SSL certificate" by editing the network details in the network list. Make sure that if HexChat is set to connect to a specific port that it's either 6697 or 9999, e.g.
To make sure Irssi uses SSL and verifies the authenticity of the certificate you need to enable certificate verification. You can do this by connecting using the
-ssl -ssl_verify flags. Users of version Irssi >= 0.8.21 are encouraged to use
-tls -tls_verify instead.
To make sure weechat verifies certificates, you'll need to use the following.
-ssl_verifyon /server and /connect commands
/set irc.server.SERVERNAME.ssl_verify truevia /iset or /set
You'd then use
irc.rizon.net/9999 as the server address.
You can pass the -s flag upon connecting to connect using SSL. The full command will look like this:
/server -s irc.rizon.net
Using the webpanel
After logging in to the webpanel, go to Your Settings → Networks → Edit.
Make sure "Servers of this IRC network" is set to
irc.rizon.net:+6697. You may need to reconnect your client to activate the new settings. You can do this by typing
/znc jump after connecting to your ZNC.
Ensuring both sides are SSL
The instructions above make sure you are connected to the IRC network using SSL. To make sure your connection to your ZNC is using SSL as well log in to the webpanel as administrator, go to Global Settings → Listen Port(s), and make sure that the SSL checkbox is ticked. You can now connect using SSL to your ZNC on that port.
RizonBNC allows SSL connections via port 12345 only.
Verify if SSL is in use
When you followed the steps above and still asking yourself if you are connecting with SSL you can use the
/whois Nick command, where Nick is your username. An example output can be found here:
Nick is user@Rizon-ABCDEF.example.com * * Nick on #Rizon Nick using irc.rizon.net - Where are you? Nick is using a secure connection Nick is using modes +ix authflags: [none] Nick is actually email@example.com [192.0.2.10] Nick has been idle 2mins 8secs, signed on Wed Dec 03 03:57:45 Nick End of /WHOIS list.
You should see the following line:
Nick is using a secure connection
SSL only channels
Channels can be set to only allow users that are connected using a secure connection. This can be enabled by setting the channel mode +S.
Users not using a secure connection that attempt to join the channel will get an error message like this one:
#chat Cannot join channel (+S)
SSL Certificates for use with CertFP
SSL certificates can be used to automatically identify with Nickserv. This is a separate concept than what is discussed in this article. Read more about this on the CertFP page.