mIRC Home    About    Download    Register    News    Help

Print Thread
Consider updating OpenSSL to 1.1.x #265468 01/05/19 09:00 AM
Joined: May 2019
Posts: 3
M
miwob Offline OP
Self-satisified door
OP Offline
Self-satisified door
M
Joined: May 2019
Posts: 3
Consider updating OpenSSL to 1.1.x to support TLSv1.3.

Re: Consider updating OpenSSL to 1.1.x [Re: miwob] #265475 07/05/19 11:00 AM
Joined: Dec 2002
Posts: 4,519
Khaled Offline
Hoopy frood
Offline
Hoopy frood
Joined: Dec 2002
Posts: 4,519
This is on my to-do list, especially as the 1.0.x series will only be supported by OpenSSL until 31st December 2019. From what I have read, the API in 1.1.x series has changed and there is no supported migration path. Considering that mIRC's SSL support is tightly integrated with 1.0.x and runs to about 4000 lines of code, this will likely require significant time and work. I am tempted to switch to Windows Schannel for SSL support to mitigate this type of issue in future - although Schannel does not have support for TLSv1.3 yet :-]

Re: Consider updating OpenSSL to 1.1.x [Re: miwob] #265480 09/05/19 08:07 PM
Joined: Dec 2002
Posts: 4,519
Khaled Offline
Hoopy frood
Offline
Hoopy frood
Joined: Dec 2002
Posts: 4,519
Right. I downloaded and compiled the latest OpenSSL 1.1.x. I had to make quite a few changes to mIRC's SSL code to make it link. There were a number of crashes but these seem to have been resolved. OpenSSL 1.1.x makes a number of structs opaque, so they cannot be accessed directly, so different APIs have had to be used in a number of places. Quite a few OpenSSL functions have been changed into macros which also required changes. As far as I can tell, mIRC is now working with 1.1.x but it will need testing.

In addition, these changes mean that mIRC is no longer compatible with older versions of OpenSSL.

This change will be in the next beta.

Last edited by Khaled; 15/05/19 03:48 PM.
Re: Consider updating OpenSSL to 1.1.x [Re: miwob] #265498 16/05/19 08:37 AM
Joined: Dec 2002
Posts: 4,519
Khaled Offline
Hoopy frood
Offline
Hoopy frood
Joined: Dec 2002
Posts: 4,519
It turns out that OpenSSL 1.1.x uses API calls that are only available on Windows 7 onwards, which means that the latest beta will not run on Windows XP/Vista. At this point, the number of XP/Vista users is so small that I am not sure maintaining support for them makes sense. I am looking into whether 1.1.x can be compiled so that it will work on them but if it turns out that this is not possible, the next version of mIRC will be dropping XP/Vista support.

Update: I found a way to compile OpenSSL to avoid APIs that XP does not support. This change will be in the next beta.

Last edited by Khaled; 16/05/19 06:09 PM.
Re: Consider updating OpenSSL to 1.1.x [Re: miwob] #265502 17/05/19 12:33 AM
Joined: May 2019
Posts: 3
M
miwob Offline OP
Self-satisified door
OP Offline
Self-satisified door
M
Joined: May 2019
Posts: 3
That's great news! And thanks for sharing your progress here.

Re: Consider updating OpenSSL to 1.1.x [Re: miwob] #265510 19/05/19 10:22 AM
Joined: May 2019
Posts: 3
M
miwob Offline OP
Self-satisified door
OP Offline
Self-satisified door
M
Joined: May 2019
Posts: 3
Looking good so far:

Code:
*** Connected securely via TLSv1.3-TLS_AES_256_GCM_SHA384-256