mIRC Home    About    Download    Register    News    Help

Topic Options
#265468 - 01/05/19 10:00 AM Consider updating OpenSSL to 1.1.x
miwob Offline
Self-satisified door

Registered: 01/05/19
Posts: 3
Consider updating OpenSSL to 1.1.x to support TLSv1.3.

Top
#265475 - 07/05/19 12:00 PM Re: Consider updating OpenSSL to 1.1.x [Re: miwob]
Khaled Offline


Planetary brain

Registered: 04/12/02
Posts: 4445
Loc: London, UK
This is on my to-do list, especially as the 1.0.x series will only be supported by OpenSSL until 31st December 2019. From what I have read, the API in 1.1.x series has changed and there is no supported migration path. Considering that mIRC's SSL support is tightly integrated with 1.0.x and runs to about 4000 lines of code, this will likely require significant time and work. I am tempted to switch to Windows Schannel for SSL support to mitigate this type of issue in future - although Schannel does not have support for TLSv1.3 yet :-]

Top
#265480 - 09/05/19 09:07 PM Re: Consider updating OpenSSL to 1.1.x [Re: miwob]
Khaled Offline


Planetary brain

Registered: 04/12/02
Posts: 4445
Loc: London, UK
Right. I downloaded and compiled the latest OpenSSL 1.1.x. I had to make quite a few changes to mIRC's SSL code to make it link. There were a number of crashes but these seem to have been resolved. OpenSSL 1.1.x makes a number of structs opaque, so they cannot be accessed directly, so different APIs have had to be used in a number of places. Quite a few OpenSSL functions have been changed into macros which also required changes. As far as I can tell, mIRC is now working with 1.1.x but it will need testing.

In addition, these changes mean that mIRC is no longer compatible with older versions of OpenSSL.

This change will be in the next beta.


Edited by Khaled (15/05/19 04:48 PM)

Top
#265498 - 16/05/19 09:37 AM Re: Consider updating OpenSSL to 1.1.x [Re: miwob]
Khaled Offline


Planetary brain

Registered: 04/12/02
Posts: 4445
Loc: London, UK
It turns out that OpenSSL 1.1.x uses API calls that are only available on Windows 7 onwards, which means that the latest beta will not run on Windows XP/Vista. At this point, the number of XP/Vista users is so small that I am not sure maintaining support for them makes sense. I am looking into whether 1.1.x can be compiled so that it will work on them but if it turns out that this is not possible, the next version of mIRC will be dropping XP/Vista support.

Update: I found a way to compile OpenSSL to avoid APIs that XP does not support. This change will be in the next beta.


Edited by Khaled (16/05/19 07:09 PM)

Top
#265502 - 17/05/19 01:33 AM Re: Consider updating OpenSSL to 1.1.x [Re: miwob]
miwob Offline
Self-satisified door

Registered: 01/05/19
Posts: 3
That's great news! And thanks for sharing your progress here.

Top
#265510 - 19/05/19 11:22 AM Re: Consider updating OpenSSL to 1.1.x [Re: miwob]
miwob Offline
Self-satisified door

Registered: 01/05/19
Posts: 3
Looking good so far:

Code:
*** Connected securely via TLSv1.3-TLS_AES_256_GCM_SHA384-256

Top