mIRC Home    About    Download    Register    News    Help

Print Thread
Joined: Oct 2017
Posts: 1
W
Wo1f Offline OP
Mostly harmless
OP Offline
Mostly harmless
W
Joined: Oct 2017
Posts: 1
31.Added "ciphers" item to [ssl] section in mirc.ini that allows you to specify list of accepted ciphers.

* How do you actually configure this?

There is zero info about it online or in the documentation also the mirc.ini doesn't have the line.

Thanks

Joined: Jan 2004
Posts: 2,127
Hoopy frood
Offline
Hoopy frood
Joined: Jan 2004
Posts: 2,127
The sentence #30 right above it tells the contents to place in ciphers= item of [ssl] section. Note that it's ALL: followed by a list of excluded items. i.e. !MD5 means not-MD5. So if you want to allow 3DES and RC4, then remove !3DES and !RC4 from that list.

See https://forums.mirc.com/ubbthreads.php/topics/250389/Re:_Possible_sockopen_regressi#Post250389

Joined: Feb 2003
Posts: 2,812
Hoopy frood
Offline
Hoopy frood
Joined: Feb 2003
Posts: 2,812
Next time you hear on the news about some CRAZY Internet-Is-Falling-Apart new exploit discovered in a given SSL cipher, you can casually delete it from your ini file.


Well. At least I won lunch.
Good philosophy, see good in bad, I like!
Joined: Dec 2002
Posts: 5,412
Hoopy frood
Offline
Hoopy frood
Joined: Dec 2002
Posts: 5,412
This information is not provided because it is too technical and changes on a regular basis. In order to use this feature, you will need to Google for recommended, best-practice client-side ciphers lists as of today's date. However, limiting the ciphers list to only strong, secure ciphers (as of today's date) will prevent your client from connecting to servers that only support older, weaker, or broken ciphers.

For example, I tried using the Mozilla recommended modern, intermediate, and old cipher lists. These resulted in mIRC being unable to connect via SSL with at least 40% of the IRC servers that I tested.

As mentioned in a previous post, mIRC's current default ciphers list is:

ALL:!ADH:!aNULL:!eNULL:!EXP:!3DES:!RC4:!MD5:!PSK:!SRP:!DSS:!SSLv2:!LOW

However, this was last updated in 2014. If anyone has any suggested updates to this list, please let me know.


Link Copied to Clipboard