User Tools

Site Tools



Quasselcore <0.10 usse a manual selection for the SSL protocol, and this defaulted to SSLv3.
In version 0.10, the selector was removed and auto negotiation was used.
However, a >=0.10 client is connected to a <0.10 core, you can't change that SSL protocol.
The first option is to upgrade the core to 0.10 or later.
You can also either use an old client (<0.10) to change the SSL protocol to TLSv1 for that connection (once you change it, you can go back to using whichever client version you want) or update the client to 0.12-rc1, which restores the SSL protocol selector for connections to old cores.


All recent versions of irssi seem to work. If DANE verification doesn't work, ensure it is enabled and compiled in. See also

/connect -ssl -ssl_verify 6697

if the above command fails, you need to specify the cacert root certificate:

-ssl_cafile .irssi/ca_cacert.pem


/server add darkfasel -ssl -autoconnect 
/set irc.server.darkfasel.ssl_verify on
/connect darkfasel
/j #lobby



Click here for Hexchat.

Generic Clients / stunnel

Configure stunnel in the following way to connect unsupported clients to localhost:

client = yes
accept =
connect =
CAfile = /etc/ssl/certs/cacert-root.pem
verify = 2
checkHost =
clients.txt · Last modified: 2016/07/12 12:08 by jomat