Register Log In

Forums Connection Issues SSL issue

Print Thread

SSL issue #271949 19/08/23 05:43 AM
Joined: Jul 2015 Posts: 15 T tweek OP Pikka bird
OP tweek Pikka bird T Joined: Jul 2015 Posts: 15	I join a private server. Since the past 2 updates I cannot join there I get the following error: [Aug/19/2023 Sat:12:32:41am] * Connecting to XXXX.XXXX (+994) - [Aug/19/2023 Sat:12:32:42am] * Unable to connect to server (SSL legacy sigalg disallowed or unsupported) Is there a easy workaround for me on this? Can we get some way to ignore the warning and join anyway since I know the site is safe as I have used it for many years? Right now I use an old version to go there but I like to have latest updates for everything. Thanks!

Re: SSL issue tweek #271951 19/08/23 11:28 AM
Joined: Dec 2002 Posts: 5,424 London, UK Khaled Hoopy frood
Khaled Hoopy frood Joined: Dec 2002 Posts: 5,424 London, UK	This is related to CVE-2009-3555, an MITM vulnerability in the SSL/TLS protocols, reported in 2009. While older OpenSSL versions had the SSL_OP_LEGACY_SERVER_CONNECT option enabled by default when using SSL_OP_ALL with SSL_CTX_set_options(), to allow connections to unpatched servers, newer versions of OpenSSL do not. The issue is not whether the site you are using is safe/unsafe. It is that, because the SSL on your IRC server has not been updated, possibly since 2009, your SSL connections to it are not secure. Have you contacted the owner of the server to ask them to update their server?

Re: SSL issue Khaled #272231 27/11/23 04:13 PM
Joined: Nov 2023 Posts: 4 N1mu3h Self-satisfied door
N1mu3h Self-satisfied door Joined: Nov 2023 Posts: 4	I'd like to know how to solve this as well? The 7.75 Changelog says: 13.Added SSL cipher directive @LEGACY to enable connections to unpatched servers reporting "legacy sigalg disallowed" error. Servers needing this may also need cipher directive @SECLEVEL=0. So how and/or where do I add this @LEGACY cipher? I tried adding it to the mirc.ini behind the other ciphers in the SSL section, but that didn't work. Right now that line reads: ciphers=ALL:!ADH:!aNULL:!eNULL:!EXP:!3DES:!RC4:!MD5:!PSK:!SRP:!DSS:!SSLv2:!LOW:@STRENGTH So what do I need to add or delete, and where? It's a small private server that won't get any SSL updates any time soon, so I need to sort it on my end Thanks in advance

Re: SSL issue N1mu3h #272251 05/12/23 11:22 AM
Joined: Dec 2002 Posts: 5,424 London, UK Khaled Hoopy frood
Khaled Hoopy frood Joined: Dec 2002 Posts: 5,424 London, UK	You would need to add @LEGACY, and probably @SECLEVEL=0, to the end of the list of ciphers, separated by colons. You should only use this setting if you don't care about using a secure connection and just want to be able to connect to a legacy server that does not allow non-SSL connections. If the above doesn't help, your server's SSL support is probably so old and compromised that it just won't work.

Re: SSL issue Khaled #272252 05/12/23 02:48 PM
Joined: Nov 2023 Posts: 4 N1mu3h Self-satisfied door
N1mu3h Self-satisfied door Joined: Nov 2023 Posts: 4	That worked, thank you so much! Is there any way to add it for just ONE server in mIRC? My main client connects to several other servers that have proper SSL, so I'm a bit wary to add it in that one as well.

Re: SSL issue N1mu3h #272253 05/12/23 04:35 PM
Joined: Dec 2002 Posts: 5,424 London, UK Khaled Hoopy frood
Khaled Hoopy frood Joined: Dec 2002 Posts: 5,424 London, UK	The SSL ciphers option is a global setting, so you cannot set it for just one server.

Re: SSL issue Khaled #272254 05/12/23 04:36 PM
Joined: Nov 2023 Posts: 4 N1mu3h Self-satisfied door
N1mu3h Self-satisfied door Joined: Nov 2023 Posts: 4	OK, thank you again and happy holidays

Link Copied to Clipboard