mIRC Homepage

31.Added "ciphers" item to [ssl]

Posted By: Wo1f

31.Added "ciphers" item to [ssl] - 27/10/17 09:33 PM

31.Added "ciphers" item to [ssl] section in mirc.ini that allows you to specify list of accepted ciphers.

* How do you actually configure this?

There is zero info about it online or in the documentation also the mirc.ini doesn't have the line.

Thanks
Posted By: maroon

Re: 31.Added "ciphers" item to [ssl] - 27/10/17 10:38 PM

The sentence #30 right above it tells the contents to place in ciphers= item of [ssl] section. Note that it's ALL: followed by a list of excluded items. i.e. !MD5 means not-MD5. So if you want to allow 3DES and RC4, then remove !3DES and !RC4 from that list.

See https://forums.mirc.com/ubbthreads.php/topics/250389/Re:_Possible_sockopen_regressi#Post250389
Posted By: Raccoon

Re: 31.Added "ciphers" item to [ssl] - 28/10/17 07:27 AM

Next time you hear on the news about some CRAZY Internet-Is-Falling-Apart new exploit discovered in a given SSL cipher, you can casually delete it from your ini file.
Posted By: Khaled

Re: 31.Added "ciphers" item to [ssl] - 28/10/17 09:33 AM

This information is not provided because it is too technical and changes on a regular basis. In order to use this feature, you will need to Google for recommended, best-practice client-side ciphers lists as of today's date. However, limiting the ciphers list to only strong, secure ciphers (as of today's date) will prevent your client from connecting to servers that only support older, weaker, or broken ciphers.

For example, I tried using the Mozilla recommended modern, intermediate, and old cipher lists. These resulted in mIRC being unable to connect via SSL with at least 40% of the IRC servers that I tested.

As mentioned in a previous post, mIRC's current default ciphers list is:

ALL:!ADH:!aNULL:!eNULL:!EXP:!3DES:!RC4:!MD5:!PSK:!SRP:!DSS:!SSLv2:!LOW

However, this was last updated in 2014. If anyone has any suggested updates to this list, please let me know.
© 2022 mIRC Discussion Forums