mIRC Home    About    Download    Register    News    Help

Print Thread
#271443 08/03/23 08:48 PM
Joined: Mar 2023
Posts: 1
O
Mostly harmless
OP Offline
Mostly harmless
O
Joined: Mar 2023
Posts: 1
I'm trying to get mIRC to use the openSSL that is installed on my windows 11 machine. According to another forum post it has versions 1.1.1.9 built into mIRC.exe which I verified using:

Via post: https://forums.mirc.com/ubbthreads.php/topics/268623/ssl-dll-confusion
//echo -a $sslversion * $ssldll * $ssllibdll

I've installed openSSL ver 3 and copied the files to the mIRC Directory which I can see is libcrypt-3.x64.dll and libssl-3-x64.dll and maybe legacy.dll

When I load mIRC and run the script it still using mIRC 1.1.1.9 versions. Now according to openssl website version 1 is outdated and will drop support for it later this year in September. What am I doing wrong to get version 3 of openssl working. My channel is needing openSSL versions 2+.

Joined: Jan 2004
Posts: 2,127
Hoopy frood
Offline
Hoopy frood
Joined: Jan 2004
Posts: 2,127
edit: just to be clear, if you have mirc.exe in a different folder than mirc.ini, which i don't have, you might need to copy the dll's into the folder where mirc.exe is located instead of where mirc.ini is located
end edit

I'm curious what you mean about your channel needing OpenSSL 2+? There is no such animal as OpenSSL version 2, as they jumped from 1.1.1 to 3.0. Are you trying to use a DLL that's been compiled to work only with v3.0?

You're saying $sslversion is 1.1.1.9 which is OpenSSL 1.1.1i, which was used only for mIRC v7.64, while v7.72 uses 1.1.1s which should show 1.1.1.19, so if you're still seeing the 1.1.1.9 it could be caused by having the libcrypto-1_1.dll and libssl-1_1.dll from 1.1.1i copied into your mIRC folder. The 1.1.1 series is at 't' now, and I'm pretty sure that you can copy the dll's from 1.1.1t into the mIRC folder and have the identifier change to say 1.1.1.20 and have everything work right, but you won't be able to do that with OpenSSL 3.0 even if you rename their DLL's to the filenames that mIRC is looking for.

It was v7.56 where mIRC updated from the 1.0.1 series to the 1.1.1 series, and at that time a DLL I was using couldn't work anymore until the author compiled it using 1.1.1 instead of 1.0.1, and people using mIRC v7.55 and earlier compiled under 1.0.1 series can't use the updated DLL which uses the OpenSSL 1.1.1 DLL.

Khaled has described it being a lot of re-coding to change mIRC from 1.0.1 to 1.1.1, and from my interacting with that external DLL, I know that it was not a matter of simply hot-swapping the newer OpenSSL dependencies in place and pressing the compile button, as there were a lot of changes that needed to be made to the code to get that DLL's calls to/from OpenSSL working right.

And that DLL's changing from 1.0.1 to compatible-with-1.1.1 code also needed testing, because the "this now works" code was not always "this now works correctly always", and I'm sure the same thing would happen after changing mIRC code to work with 3.0. The OpenSSL code for v3.0 made changes to a lot of things internally, but kept the external functions using identical parameters as 1.1.1 even though they didn't actually continue doing the same thing 'under the hood'. A lot of these changes were the kind of 'we know better than you what your code should be doing' changes, so stuff either stopped working or now took an outrageous amount of time. A couple of examples of OpenSSL doing stuff like this:

1. OpenSSL client certificates. When mIRC makes RSA certificates in options/connect/options/SSL it creates them in PEM format. OpenSSL also has a PFX format that the PEM can be translated into, however the PFX format defaults to wanting to have a password. This would be a big pain to have in your IRC client certificate, where you come back to the keyboard to find that you've been offline for hours because there's a prompt waiting for a password input. When using 1.1.1 series, it's easy to export from PEM format to PFX format without using a password. But for 3.0 series the same syntax no longer works without the -legacy because they don't think users should be using a key in PFX format without it having a password, and who knows if OpenSSL will eventually start doing the same to PEM format too. mIRC has support for a lot of past operating systems, and each newer OpenSSL keeps shoving more of their stuff into the 'legacy provider', making it harder to keep that code working with the newer series.

2. Checking if numbers are prime. Under 1.1.1 you can specify how many rounds of Miller-Rabin you wanted to use in testing if a number is prime, however in OpenSSL 3.0 they eliminated the setting where you could specify the number of Miller-Rabin repeats. But instead of eliminating the parameter in the external function call so that coders could now be alerted that OpenSSL was not honoring their request, they kept the same external interface as 1.1.1 - but just silently ignored the reqested number of checks, and it instead does the number of checks they decide you should have, based on how big your number is, which for the RSA-4096 client certificate would now be 128 repeats.

So, for example, if mIRC were to use code that each time you connect to a network using a client certificate, when it loads the client.pem, it were to check if the primes in the private key really are primes, a request to perform 2 or 3 rounds of Miller-Rabin would now suddenly take 30 seconds because it was silently ignoring your request for 3 rounds and instead doing 128. When I asked OpenSSL to restore the 1.1.1 functionality in 3.0, they wouldn't do it because they want to prevent people from mis-using the parameter. While something like this would be obvious the first time anyone tried to connect using a client certificate, there could be other problems which could make v3.0 bomb out or take too long, but might be encountered only under edge case conditions, or could randomly happen only 1/256 of the time. In my case, if I were to upgrade my program from using the 1.1.1 DLL to using the 3.0 DLL, there's no way I could keep my code from being 3x slower or worse, due to just that 1 external function ignoring that 1 parameter.

Last edited by maroon; 09/03/23 04:04 PM.
Joined: Feb 2011
Posts: 454
K
Pan-dimensional mouse
Offline
Pan-dimensional mouse
K
Joined: Feb 2011
Posts: 454
mIRC only supports 1.1.1 versions of OpenSSL.

Quote from the change log:

Quote
06/07/2019 - mIRC v7.56
...
4.Updated OpenSSL library to v1.1.1b. Required code changes due to to
changes in OpenSSL 1.1.x. Older OpenSSL versions are no longer
supported. Compiled to work on XP. Dynamic loading of OpenSSL DLLs
still supported as libcrypto-1_1.dll and libssl-1_1.dll.

You will need to wait for Khaled to add support for 3.x.

Side note: Your filenames include "x64" which implies 64bit file. mIRC is 32bit and trying to load a 64bit DLL into a 32bit EXE will not work anyway.


Link Copied to Clipboard