mIRC Home    About    Download    Register    News    Help

Print Thread
31.Added "ciphers" item to [ssl] #261627 27/10/17 09:33 PM
Joined: Oct 2017
Posts: 1
W
Wo1f Offline OP
Mostly harmless
OP Offline
Mostly harmless
W
Joined: Oct 2017
Posts: 1
31.Added "ciphers" item to [ssl] section in mirc.ini that allows you to specify list of accepted ciphers.

* How do you actually configure this?

There is zero info about it online or in the documentation also the mirc.ini doesn't have the line.

Thanks

Re: 31.Added "ciphers" item to [ssl] [Re: Wo1f] #261628 27/10/17 10:38 PM
Joined: Jan 2004
Posts: 1,388
maroon Offline
Hoopy frood
Offline
Hoopy frood
Joined: Jan 2004
Posts: 1,388
The sentence #30 right above it tells the contents to place in ciphers= item of [ssl] section. Note that it's ALL: followed by a list of excluded items. i.e. !MD5 means not-MD5. So if you want to allow 3DES and RC4, then remove !3DES and !RC4 from that list.

See https://forums.mirc.com/ubbthreads.php/topics/250389/Re:_Possible_sockopen_regressi#Post250389

Re: 31.Added "ciphers" item to [ssl] [Re: Wo1f] #261629 28/10/17 07:27 AM
Joined: Feb 2003
Posts: 2,700
Raccoon Offline
Hoopy frood
Offline
Hoopy frood
Joined: Feb 2003
Posts: 2,700
Next time you hear on the news about some CRAZY Internet-Is-Falling-Apart new exploit discovered in a given SSL cipher, you can casually delete it from your ini file.


Well. At least I won lunch.
Good philosophy, see good in bad, I like!
Re: 31.Added "ciphers" item to [ssl] [Re: Wo1f] #261630 28/10/17 09:33 AM
Joined: Dec 2002
Posts: 4,798
Khaled Offline
Hoopy frood
Offline
Hoopy frood
Joined: Dec 2002
Posts: 4,798
This information is not provided because it is too technical and changes on a regular basis. In order to use this feature, you will need to Google for recommended, best-practice client-side ciphers lists as of today's date. However, limiting the ciphers list to only strong, secure ciphers (as of today's date) will prevent your client from connecting to servers that only support older, weaker, or broken ciphers.

For example, I tried using the Mozilla recommended modern, intermediate, and old cipher lists. These resulted in mIRC being unable to connect via SSL with at least 40% of the IRC servers that I tested.

As mentioned in a previous post, mIRC's current default ciphers list is:

ALL:!ADH:!aNULL:!eNULL:!EXP:!3DES:!RC4:!MD5:!PSK:!SRP:!DSS:!SSLv2:!LOW

However, this was last updated in 2014. If anyone has any suggested updates to this list, please let me know.