mIRC Home    About    Download    Register    News    Help

Print Thread
#271949 19/08/23 05:43 AM
Joined: Jul 2015
Posts: 15
T
tweek Offline OP
Pikka bird
OP Offline
Pikka bird
T
Joined: Jul 2015
Posts: 15
I join a private server. Since the past 2 updates I cannot join there I get the following error:

[Aug/19/2023 Sat:12:32:41am] * Connecting to XXXX.XXXX (+994)
-
[Aug/19/2023 Sat:12:32:42am] * Unable to connect to server (SSL legacy sigalg disallowed or unsupported)

Is there a easy workaround for me on this? Can we get some way to ignore the warning and join anyway since I know the site is safe as I have used it for many years?

Right now I use an old version to go there but I like to have latest updates for everything.

Thanks!

tweek #271951 19/08/23 11:28 AM
Joined: Dec 2002
Posts: 5,482
Hoopy frood
Offline
Hoopy frood
Joined: Dec 2002
Posts: 5,482
This is related to CVE-2009-3555, an MITM vulnerability in the SSL/TLS protocols, reported in 2009. While older OpenSSL versions had the SSL_OP_LEGACY_SERVER_CONNECT option enabled by default when using SSL_OP_ALL with SSL_CTX_set_options(), to allow connections to unpatched servers, newer versions of OpenSSL do not.

The issue is not whether the site you are using is safe/unsafe. It is that, because the SSL on your IRC server has not been updated, possibly since 2009, your SSL connections to it are not secure.

Have you contacted the owner of the server to ask them to update their server?

Khaled #272231 27/11/23 04:13 PM
Joined: Nov 2023
Posts: 4
Self-satisfied door
Offline
Self-satisfied door
Joined: Nov 2023
Posts: 4
I'd like to know how to solve this as well?

The 7.75 Changelog says:
13.Added SSL cipher directive @LEGACY to enable connections to unpatched
servers reporting "legacy sigalg disallowed" error. Servers needing
this may also need cipher directive @SECLEVEL=0.

So how and/or where do I add this @LEGACY cipher? I tried adding it to the mirc.ini behind the other ciphers in the SSL section, but that didn't work. Right now that line reads: ciphers=ALL:!ADH:!aNULL:!eNULL:!EXP:!3DES:!RC4:!MD5:!PSK:!SRP:!DSS:!SSLv2:!LOW:@STRENGTH
So what do I need to add or delete, and where?

It's a small private server that won't get any SSL updates any time soon, so I need to sort it on my end wink

Thanks in advance smile

N1mu3h #272251 05/12/23 11:22 AM
Joined: Dec 2002
Posts: 5,482
Hoopy frood
Offline
Hoopy frood
Joined: Dec 2002
Posts: 5,482
You would need to add @LEGACY, and probably @SECLEVEL=0, to the end of the list of ciphers, separated by colons.

You should only use this setting if you don't care about using a secure connection and just want to be able to connect to a legacy server that does not allow non-SSL connections.

If the above doesn't help, your server's SSL support is probably so old and compromised that it just won't work.

Khaled #272252 05/12/23 02:48 PM
Joined: Nov 2023
Posts: 4
Self-satisfied door
Offline
Self-satisfied door
Joined: Nov 2023
Posts: 4
That worked, thank you so much!

Is there any way to add it for just ONE server in mIRC? My main client connects to several other servers that have proper SSL, so I'm a bit wary to add it in that one as well.

N1mu3h #272253 05/12/23 04:35 PM
Joined: Dec 2002
Posts: 5,482
Hoopy frood
Offline
Hoopy frood
Joined: Dec 2002
Posts: 5,482
The SSL ciphers option is a global setting, so you cannot set it for just one server.

Khaled #272254 05/12/23 04:36 PM
Joined: Nov 2023
Posts: 4
Self-satisfied door
Offline
Self-satisfied door
Joined: Nov 2023
Posts: 4
OK, thank you again and happy holidays grin


Link Copied to Clipboard