STARTTLS and ircd
- To: ircd-users@xxxxxxx
- Subject: STARTTLS and ircd
- From: Thomas Kuiper <engerim@xxxxxxxxxx>
- Date: Tue, 15 Feb 2000 21:03:30 +0100 (MET)
- Delivered-to: ircd-users-out@irc.org
- Delivered-to: ircd-users@irc.org
Hi,

I write an SSL extension for the ircd using OpenSSL (which is the most
portable and most used SSL library afaik). It's supposed to be in
/contrib, since it's using a non-standard library. It's also going to
be an IETF draft, so here is a quick overview for you of what it does:

An extra file for SSL/TLS, named ircd.tls, where you can put the
ident@host's whom you want to allow the use of SSL/TLS, and which
certificate/rsa-key should be used for those. Client/Server
communication goes like this:

...
C: STLS
S: <start TLS/SSL negotiation>
... At any point during the connection. A fallback to a non-secure
connection is not possible.

There are other examples of such extensions, like:

RFC 2595: Using TLS with IMAP, POP3 and ACAP
RFC 2487: SMTP Service Extension for Secure SMTP over TLS

FTP just showed up an extension as draft, and I want to make sure
IRC gets the same ability to handle SSL/TLS with simple switching.
A working group mailing list is going to be set up.
Please contact me for more details about it.

Engerim
(ported OpenSSL to Netware) :)
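
One way a server could enforce the "no fallback" rule of the STLS exchange described above, as an added example that is not part of the original message or of ircd. The state names, the struct, and the choice to drop a connection that pipelines plaintext behind STLS are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>
#include <strings.h>

/* Hypothetical states for a connection that can be upgraded with STLS. */
enum conn_state { CONN_PLAIN, CONN_TLS_HANDSHAKE, CONN_TLS, CONN_CLOSED };
struct conn { enum conn_state state; unsigned plain_cmds; };

/* Handle one chunk of plaintext from the socket (lines end in LF or CRLF). */
enum conn_state conn_feed_plain(struct conn *c, const char *data, size_t n)
{
    size_t pos = 0;
    if (c->state != CONN_PLAIN)        /* after STLS nothing reaches this parser */
        return c->state = CONN_CLOSED;
    while (pos < n) {
        const char *nl = memchr(data + pos, '\n', n - pos);
        if (nl == NULL)
            break;                     /* partial line: a real server would buffer it */
        size_t len = (size_t)(nl - (data + pos));
        size_t next = (size_t)(nl - data) + 1;
        if (len > 0 && data[pos + len - 1] == '\r')
            len--;                     /* strip the CR of CRLF */
        if (len == 4 && strncasecmp(data + pos, "STLS", 4) == 0) {
            /* Bytes pipelined behind STLS arrived unprotected; closing keeps them
             * from being handled as if they had come through the TLS session. */
            c->state = (next == n) ? CONN_TLS_HANDSHAKE : CONN_CLOSED;
            return c->state;
        }
        c->plain_cmds++;               /* stand-in for normal command dispatch */
        pos = next;
    }
    return c->state;
}

/* Outcome of the TLS negotiation: success moves to CONN_TLS, failure closes.
 * No transition leads back to CONN_PLAIN. */
enum conn_state conn_handshake_done(struct conn *c, int ok)
{
    if (c->state != CONN_TLS_HANDSHAKE)
        return c->state = CONN_CLOSED;
    return c->state = ok ? CONN_TLS : CONN_CLOSED;
}

int main(void)
{
    struct conn c = { CONN_PLAIN, 0 };
    const char *in = "STLS\r\nNICK injected\r\n";   /* constructed input */
    return conn_feed_plain(&c, in, strlen(in)) == CONN_CLOSED ? 0 : 1;
}
```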