Code: Select all
[SSL ERROR]: too large
[SOCKET ERROR]: Secure Socket Layer error
Here's a paste to a connection attempt.
Any help with this wld be so cool. Thanks.
Moderator: Supporters
Code: Select all
[SSL ERROR]: too large
[SOCKET ERROR]: Secure Socket Layer error
Code: Select all
[21:07:57] There are 1 users and 1 invisible on 1 servers
[21:07:57] [SSL ERROR]: too large
[21:07:57] [SOCKET ERROR]: Secure Socket Layer error
[21:07:57] Connection terminated
Code: Select all
root@xtremeirc:~# nmap -sT -O localhost
Starting Nmap 7.40 ( https://nmap.org ) at 2019-01-04 12:12 CET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000036s latency).
Other addresses for localhost (not scanned): ::1
Not shown: 996 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
80/tcp open http
6667/tcp open irc
Device type: general purpose
Running: Linux 3.X
OS CPE: cpe:/o:linux:linux_kernel:3
OS details: Linux 3.7 - 3.11
Network Distance: 0 hops
Code: Select all
[irc.xtremeirc.net]: *** Client connecting: irccloud ([email protected]) [192.184.10.118] {clients} [secure ECDHE-RSA-AES256-GCM-SHA384]
Code: Select all
[irc.xtremeirc.net]: *** Client connecting: mibbit ([email protected]) [1x1.129.202.38] {clients} [secure ECDHE-RSA-AES256-SHA]
Code: Select all
[irc.xtremeirc.net]: *** Client connecting: ghost_ ([email protected]) [000.000.208.3] {clients} [secure ECDHE-RSA-AES256-GCM-SHA384]
Can you connect with those clients to other servers? In particular irc.unrealircd.org (6697 as usual)I got in with hexchat via ssl. But weechat, bitchx and kvirc all give errors. Man, I need help on this big time. Been at it for two now. Wiping the drive, reinstalling the OS and software...all for a 20 minute set up routine. I was getting same thing on Inspircd. So I tried your Unreal. This is a nightmare! What can I do to help you help me?
In addition, a friend of mine just used Mibbet and irccloud and got on @ 6697. So some clients are accepting whatever's going on here, but the major clients like bitchx and weechat arent.
Yes. So I'm beginning to think my self-signed certificate is the problem. But damn! Wasn't ever like that before.Can you connect with those clients to other servers? In particular irc.unrealircd.org (6697 as usual)
4.2.11. What is your UnrealIRCd version?
OpenSSL 1.0.1t2.What is your OpenSSL version?
I've been trying to setup on Deb 9, but just did a fresh install of Deb 8.3. What OS are you using?
I didn't.4. Did you set anything in your set::ssl block?
Code: Select all
Loading IRCd configuration..
Configuration loaded without any problems.
Loading tunefile..
Initializing SSL..
Dynamic configuration initialized.. booting IRCd.
UnrealIRCd is now listening on the following addresses/ports:
IPv4: 127.0.0.1:6900(SSL), *:6697(SSL), *:6667
IPv6: 2a06:3d81:7:b:c:d:e:f:7005(SSL), *:6697(SSL), *:6667
UnrealIRCd started.
ircd@xtremeirc:~/unrealircd$
It is true that clients are becoming more strict with regards to self-signed certificates, yes. But I would say that would not explain a disconnect half-way through LUSERS, it should have disconnected in the SSL handshake phase (before you even see any IRC stuff), so that is what spotted my attention. Also, I would expect the client to print out an error regarding the certificate then, which it didn't in your (first) paste.I'm beginning to think my self-signed certificate is the problem. But damn! Wasn't ever like that before.
From weechat:You also said "weechat, bitchx and kvirc all give errors", but what errors are they giving?
Code: Select all
|06:18:02 xtremessl =!= | gnutls: the hostname in the certificate
│ | does NOT match "irc.xtremeirc.net"
│06:18:02 xtremessl =!= | gnutls: peer's certificate is NOT trusted
│06:18:02 xtremessl =!= | gnutls: peer's certificate issuer is
| unknown
│06:18:02 xtremessl =!= | irc: TLS handshake failed
│06:18:02 xtremessl =!= | irc: error: Error in the certificate.
Code: Select all
[SSL ERROR]: too large
[SOCKET ERROR]: Secure Socket Layer error
Not a problem.If you are ok with it, you could post the IP of the server here so people can try to connect, see what happens.
Code: Select all
apt install g++ tcl tcl-dev pkg-config postfix apache2 alpine cmake make build-essential openssl libcurl4-openssl-dev zlib1g zlib1g-dev zlibc libgcrypt11-dev libssl-dev libgnutls-openssl-dev
Code: Select all
openssl s_client -connect localhost:6697
What you post from weechat is indeed because the certificate being self signed. That can only be fixed by using a real certificate, with the correct name, etc. or by configuring your client to ignore such things. Naturally the first is preferred over the latter .|06:18:02 xtremessl =!= | gnutls: the hostname in the certificate
│ | does NOT match "irc.xtremeirc.net"
│06:18:02 xtremessl =!= | gnutls: peer's certificate is NOT trusted
│06:18:02 xtremessl =!= | gnutls: peer's certificate issuer is
| unknown
│06:18:02 xtremessl =!= | irc: TLS handshake failed
│06:18:02 xtremessl =!= | irc: error: Error in the certificate.
Code: Select all
# nmap --script ssl-enum-ciphers -p6697 localhost
Code: Select all
irc.server.netname.ssl_verify = off
irc.server.netname.ssl_priorities = NORMAL:-VERS-SSL3.0