ngIRCd - Next Generation IRC Server

(c)2001-2004 by Alexander Barton,
alex@barton.de, http://www.barton.de/

ngIRCd is free software and published under the
terms of the GNU General Public License.

-- SSL.txt --

ngIRCd supports SSL/TLSv1 encrypted connections using the
OpenSSL or gnutls library.
Both encrypted server <-> client and server <-> server links should work.

BEWARE! The code is mostly untested, use at your own risk!

Example that creates a self-signed certificate and key (using OpenSSL):
    openssl req -newkey rsa:2048 -x509 -keyout server-key.pem \
        -out server-cert.pem -days 1461

Example that creates DH parameters (optional):
    openssl dhparam -2 -out dhparams.pem 2048

Example that creates a self-signed certificate and key (using gnutls):

    certtool --generate-privkey --bits 2048 --outfile server-key.pem
    certtool --generate-self-signed --load-privkey server-key.pem \
        --outfile server-cert.pem

Example that creates DH parameters (optional):
    certtool --generate-dh-params --bits 2048 --outfile dhparams.pem

Alternatively, you may use external programs/tools like stunnel to
make it work:

    <http://stunnel.mirt.net/>
    <http://www.stunnel.org/>

Stefan Sperling (stefan at binarchy dot net) mailed me the following text as a
short "how-to", thanks Stefan!


=== snip ===
! This guide applies to stunnel 4.x !

Put this in your stunnel.conf:

    [ircs]
    accept = 6667
    connect = 6668

This makes stunnel listen for incoming connections
on port 6667 and forward decrypted data to port 6668.
We call the connection 'ircs'. Stunnel will use this
name when logging connection attempts via syslog.
You can also use the name in /etc/hosts.{allow,deny}
if you run tcp-wrappers.

To make sure ngircd is listening on the port where
the decrypted data arrives, set

    Ports = 6668

in your ngircd.conf.

Start stunnel and restart ngircd.

That's it.
Don't forget to activate ssl support in your irc client ;)
=== snip ===
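
In the stunnel setup described above, port 6668 carries the decrypted IRC
traffic, so it should be reachable only from the local host. The following is
an added example, not part of Stefan's text or of the ngIRCd distribution; the
/etc/stunnel/ paths are assumed locations, and the Listen line assumes an
ngIRCd version that supports that option.

```ini
; ---- stunnel.conf (stunnel 4.x) ----
; Certificate and key as created with the OpenSSL or certtool commands
; above. The directory is an assumption; adjust it to your installation.
cert = /etc/stunnel/server-cert.pem
key = /etc/stunnel/server-key.pem

[ircs]
; TLS clients connect here.
accept = 6667
; Hand the decrypted stream to ngIRCd over loopback only.
connect = 127.0.0.1:6668

; ---- ngircd.conf ----
[Global]
; Plaintext port that stunnel connects to.
Ports = 6668
; Bind to loopback so that port 6668 cannot be reached from the
; network without going through stunnel. Without this line ngIRCd
; listens on all interfaces.
Listen = 127.0.0.1
```

With this setup ngIRCd sees every client as connecting from 127.0.0.1, so
host-based restrictions belong in stunnel or in /etc/hosts.{allow,deny} as
mentioned in the how-to.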


--
$Id: SSL.txt,v 1.2 2004/12/27 01:11:40 alex Exp $