Forums Connection Issues SSL issue

I join a private server. Since the past 2 updates I cannot join there I get the following error:

[Aug/19/2023 Sat:12:32:41am] * Connecting to XXXX.XXXX (+994)
-
[Aug/19/2023 Sat:12:32:42am] * Unable to connect to server (SSL legacy sigalg disallowed or unsupported)

Is there a easy workaround for me on this? Can we get some way to ignore the warning and join anyway since I know the site is safe as I have used it for many years?

Right now I use an old version to go there but I like to have latest updates for everything.

Thanks!

This is related to CVE-2009-3555, an MITM vulnerability in the SSL/TLS protocols, reported in 2009. While older OpenSSL versions had the SSL_OP_LEGACY_SERVER_CONNECT option enabled by default when using SSL_OP_ALL with SSL_CTX_set_options(), to allow connections to unpatched servers, newer versions of OpenSSL do not.

The issue is not whether the site you are using is safe/unsafe. It is that, because the SSL on your IRC server has not been updated, possibly since 2009, your SSL connections to it are not secure.

Have you contacted the owner of the server to ask them to update their server?

I'd like to know how to solve this as well?

The 7.75 Changelog says:
13.Added SSL cipher directive @LEGACY to enable connections to unpatched
servers reporting "legacy sigalg disallowed" error. Servers needing
this may also need cipher directive @SECLEVEL=0.

So how and/or where do I add this @LEGACY cipher? I tried adding it to the mirc.ini behind the other ciphers in the SSL section, but that didn't work. Right now that line reads: ciphers=ALL:!ADH:!aNULL:!eNULL:!EXP:!3DES:!RC4:!MD5:!PSK:!SRP:!DSS:!SSLv2:!LOW:@STRENGTH
So what do I need to add or delete, and where?

It's a small private server that won't get any SSL updates any time soon, so I need to sort it on my end

Thanks in advance

You would need to add @LEGACY, and probably @SECLEVEL=0, to the end of the list of ciphers, separated by colons.

You should only use this setting if you don't care about using a secure connection and just want to be able to connect to a legacy server that does not allow non-SSL connections.

If the above doesn't help, your server's SSL support is probably so old and compromised that it just won't work.

That worked, thank you so much!

Is there any way to add it for just ONE server in mIRC? My main client connects to several other servers that have proper SSL, so I'm a bit wary to add it in that one as well.

The SSL ciphers option is a global setting, so you cannot set it for just one server.

OK, thank you again and happy holidays

Thank You that fix also worked for me, i spent hours yesterday trying to fix it