User Tools

Site Tools


clients

Quassel

Quasselcore <0.10 usse a manual selection for the SSL protocol, and this defaulted to SSLv3.
In version 0.10, the selector was removed and auto negotiation was used.
However, a >=0.10 client is connected to a <0.10 core, you can't change that SSL protocol.
The first option is to upgrade the core to 0.10 or later.
You can also either use an old client (<0.10) to change the SSL protocol to TLSv1 for that connection (once you change it, you can go back to using whichever client version you want) or update the client to 0.12-rc1, which restores the SSL protocol selector for connections to old cores.

irssi

All recent versions of irssi seem to work. If DANE verification doesn't work, ensure it is enabled and compiled in. See also https://github.com/irssi/irssi/commit/d826896f74925f2e77536d69a3d1a4b86b0cec61

/connect -ssl -ssl_verify irc.darkfasel.net 6697

if the above command fails, you need to specify the cacert root certificate:

-ssl_cafile .irssi/ca_cacert.pem

weechat

/server add darkfasel irc.darkfasel.net/+6697 -ssl -autoconnect 
/set irc.server.darkfasel.ssl_verify on
/connect darkfasel
/save
/j #lobby

Chatzilla

HexChat

Click here for Hexchat.

Generic Clients / stunnel

Configure stunnel in the following way to connect unsupported clients to localhost:

[irc]
client = yes
accept = 127.0.0.1:6667
connect = irc.darkfasel.net:9999
CAfile = /etc/ssl/certs/cacert-root.pem
verify = 2
checkHost = irc.darkfasel.net
clients.txt · Last modified: 2016/07/12 12:08 by jomat