Secure SSL IRC
Translations + other language manuals:
Table of Contents:
Note
These advices aren't necessarily up to date. Some of the explanations in other languages are more recent and some of them are more elaborate, showing illustrations of the IRC clients. More translations are very welcome.
By connecting to the Indymedia IRC network using SSL, you can encrypt all data sent between you and the server. By extension, this means that you can create a secure line of communications with anyone else who is also connected to the server in this fashion. However, any text which you send to an individual not connected via SSL will travel via plaintext. Keep this in mind, as most of your communication will be on channels with many unencrypted individuals.
So, if just one person in a channel is not using SSL, then effectively the conversation is unencrypted. If you want to be sure you have an encrypted connection with someone, verify they are connected via ssl by running
/whois nick, and then message them privately (
/msg nick your message here... or by
double clicking on their names in most graphical clients).
There is a number of ways to make the connection. The simplest is to use an IRC client with SSL enabled. In Linux, you often have to compile SSL support manually. In Windows, you can often download add-ons that let you use SSL anyway. Most clients (if not every) rely on the OpenSSL implementation.
Web chat
To quickly connect via SSL using a web browser, you can use the webchat interface.
For new folks who want to connect quickly using SSL (from any computer), use the handy web version:
https://chat.indymedia.org
Note the '
s' in 'http
s'.
For quick instructions on connecting via the web version, see the top of this page:
IrcHowTo
Installable programs
SSL is the Secure Sockets Layer. When using the Webchat, you rely on the browser's support for SSL and you don't have to think about it. When using an external IRC program like mIRC or Irssi, you have to install SSL. We suggest you install
OpenSSL?, which is a free implementation for both Windows and Unix.
Make sure you have
OpenSSL? installed.
mIRC (Windows)
From version 6.14 and onwards, mIRC has built-in support for SSL through OpenSSL. Remember that mIRC isn't free software, and that you technically have to pay for it after 30 days of use. Another good alternative is XChat.
An explanation of mIRC's SSL support can also be found at
http://www.mirc.co.uk/ssl.html
Irssi (Unix, MacOS X)
Irssi has SSL support from version 0.8.6 and onwards. Requires OpenSSL and that you have compiled it using
--with-ssl. You then use the command
/connect -ssl irc.indymedia.org 6697. (In Irssi, you can also use
/server, but
/connect allows you to connect to multiple networks at once.) There is an
IrssiHowTo that explains both how to install and run it on various Linux distributions. Its website is
http://irssi.org/
Both you and server operators will be able to see from which IP you connect - other users will not.
For MacOS X, check out macirssi at
http://www.g1m0.se/macirssi/
XChat (Unix, Windows and MacOS X)
Newer versions of XChat support SSL through OpenSSL. Under 'Server List', add a new network and call it 'Indymedia', click 'Edit...' and add
irc.indymedia.org/6697. Check the boxes
Use SSL for all the servers on this network and
Accept invalid SSL certficate. You can also use the command
/sslserver irc.indymedia.org 6697. To connect using SSL from the command line, use
xchat ircs://irc.indymedia.org:6697. Type
/whois yournick and make sure it mentions that you are using a secure connection.
If you're in Windows, you should use the free version of XChat (
due to politics) at
http://silverex.org/. It works the same way. If you're in MacOS X, there is a version at
http://xchataqua.sourceforge.net/
'''There is a graphical introduction to enabling SSL on the
XChatInstall page.'''
BitchX-SSL
(Considered by many to be an obnoxious client, and by its very name sexist. For a better client, try Irssi.)
Requires OpenSSL and that you have compiled it using
--with-ssl. You then use the command
/server -ssl irc.indymedia.org 6697.
EPIC-SSL
EPIC-SSL is a fork of EPIC which can be found at
http://epicssl.sourceforge.net/. They announce it can be compiled on Cygwin. Use the command
/server -ssl irc.indymedia.org 6697 to connect.
KVIrc (UNIX and Windows)
KVIrc has support for SSL, and it is compiled automatically if OpenSSL is present on the system. The command to connect is
/server -s irc.indymedia.org 6697.
Chatzilla (UNIX and Windows)
Chatzilla works right out of your Mozilla-based browser. You can download it from
https://addons.mozilla.org/en-US/firefox/addon/16 or
http://www.hacksrus.com/~ginda/chatzilla/. Once installed, it uses the browser's SSL support through the command
/sslserver irc.indymedia.org 6697. It also reacts to links in the form of
ircs://irc.indymedia.org:6697/ from within the browser.
If you're using Chatzilla with Firefox 3.0, you will have to first connect to
https://irc.indymedia.org/ and accept the "invalid" security certificate before connecting to
ircs://irc.indymedia.org:6697/.
Stunnel
Stunnel is type of program called a wrapper. It allows programs that normally don't have SSL support to connect through it, after which stunnel takes care of the SSL. If your IRC client isn't mentioned above, or if you use a version of a client that doesn't have support for SSL, what you can do is either upgrade the client or use stunnel.
Another, and perhaps more flexible, way to connect is to use 'stunnel' together with the IRC client of your choice. Source code for stunnel, as well as binaries for other Operating Systems can be obtained at
http://www.stunnel.org/download/. If you are using Debian GNU/Linux, you can simply do 'apt-get install stunnel'. Stunnel also works in Windows.
The first step is to create the secure tunnel between your computer and irc.indymedia.org [...] (instructions in
SecureIrcStunnelWindows and
SecureIrcStunnelUnix)
General hints for MacOS X
You can use one of many IRC clients on Mac OS X (many of the previously mentioned clients can be compiled on OS X, if you have the developer tools installed). You may also prefer the more "mac-like" versions of these clients, and other clients, which come as GNU as it can get, and in closed-source shareware flavors as well. Whichever you choose, setting up stunnel on Mac OS X can be very easy.
Be sure to read the explanation of how stunnel works above and then get "SSL Enable" from Apple:
http://www.apple.com/downloads/macosx/unix_open_source/sslenabler.html
It is a very simple user interface that configures stunnel for you to then use any application you want to take advantage of it, such as an IRC client.
To get and install and unix/linux type programs on Mac OS X, you may want to try Fink
http://fink.sourceforge.net/
--
ChristopherMitchell - 04 Jun 2002
--
KellanKellan - 11 Jul 2002
--
ChristianBolstad - 10 Nov 2002
--
MarcinDeKaminski - 15 jan 2003
--
EdinhoFeli - 25 Feb 2003
-- link to
SecureIRCde +
SecureIRCcaesen --
SrI - 06 Oct 2003
-- Added link to
SecureIRCcas --
TxopiTxopi - 3 Jan 2004
-- Added new description how to use plugin dll for mIRC --
ClarA - 7 March 2004
added link to back to irc how to --
AnA - 28 Apr 2004
-- Added link to
SecureIRCpt --
EdinhoFeli - 02 May 2004
-- Added note about
BitchX being obnoxious
ShayneOneill - yeah yeah
-- added TOC --
AnNa - 15 Aug 2004
-- added mirc 6.14 + openssl --
AleX - 24 Aug 2004
-- added Mac OS X stunnel information on 2 sep 2004
InditeK
-- added information on X-Chat Aqua and a mirror of ssl.zip --
ChristianBolstad - 16 Nov 2004
-- minor edits --
PatrickPatrick 25 Aug 2005
-- added top section linking to quickie ssl web version --
PatrickPatrick 23 Sep 2005
-- rewrote the structure of the page so it sorts after IRC clients rather than operating system, added some easier to understand explanations and fixed a few typos. --
SimonShine - 08 Jan 2006
--
SimonShine - 27 Jan 2007 Added link to
XChatInstall which will be created on this day as well.
-- SSL is now on port 6697, and hostnames are always obscured now. --
WilliamPitcock
to top
