Miranda NG Official Community Forum

Forum for English speaking Miranda NG users => Bug reports => Topic started by: Dodge DeBoulet on 09 09 2014, 13:32:10

Title: IRC: SSL Connection Failure w/ Miranda NG v0.95.2 build #9966 x64
Post by: Dodge DeBoulet on 09 09 2014, 13:32:10: Hi All,

I'm attempting to connect to a specific IRC server (thot.us) and am receiving the error shown in the attachment. It appears to be specific to the x64 build, as I know others are using Miranda NG with the same server with the x86 version.

Does anyone know of a workaround? I've tried SSL On, Off and Auto, and enabled/disabled the "Validate SSL Certificates" for the IRC Server connection.

Thanks in advance for any help you can provide.
Title: Re: IRC: SSL Connection Failure w/ Miranda NG v0.95.2 build #9966 x64
Post by: White-Tiger on 09 09 2014, 14:48:02: Guess a simple math error with 32bit vs 64bit variables^^
Though, it tries an SSL connection even though SSL is disabled?
Title: Re: IRC: SSL Connection Failure w/ Miranda NG v0.95.2 build #9966 x64
Post by: Dodge DeBoulet on 09 09 2014, 14:51:49: Well, no, with SSL set to Off it simply fails to connect :)
Title: Re:IRC: SSL Connection Failure w/ Miranda NG v0.95.2 build #9966 x64
Post by: White-Tiger on 09 09 2014, 16:06:25: Well then, you'll have to wait for someone else to help you.
I'm not really into it and so far our IRC seems to use netlib for it's SSL stuff.. and I hope and think netlib is x86_64 compatible :P

But I'm sure someone drops by soon and clears this up ;)
Title: Re: IRC: SSL Connection Failure w/ Miranda NG v0.95.2 build #9966 x64
Post by: Dodge DeBoulet on 09 09 2014, 21:04:10: Thanks, WT. I'll be waiting patiently :)
Post Merge: 10 09 2014, 14:41:45
FYI, I can connect on a non-SSL port on the same server with no problem. Not sure it matters, but offer it as a data point.
Title: Re: IRC: SSL Connection Failure w/ Miranda NG v0.95.2 build #9966 x64
Post by: ghazan on 11 09 2014, 13:01:49: Quote from: Dodge DeBoulet on 09 09 2014, 21:04:10
Thanks, WT. I'll be waiting patiently :)
Post Merge: 10 09 2014, 14:41:45
FYI, I can connect on a non-SSL port on the same server with no problem. Not sure it matters, but offer it as a data point.
Usually IRC servers provide different ports for various purposes (for example, UTF-encoded traffic instead of 1250-encoded) etc.
you definitely can connect without ssl, but you need to read an instruction at the server
Title: Re: IRC: SSL Connection Failure w/ Miranda NG v0.95.2 build #9966 x64
Post by: Dodge DeBoulet on 11 09 2014, 14:19:50: Not sure I understand; are you suggesting that adjusting the Server Code Page settings in Miranda would let me connect via SSL? I actually know the individual that runs this server; he admits that the IRC server software he is running is pretty ancient but didn't have any suggestions for getting me connected.

I had UTF-8 auto-detection turned off, but enabling it made no difference . . . nor have the various code page settings I've tried.

Thanks for your help; any additional ideas would be appreciated.
Title: Re: IRC: SSL Connection Failure w/ Miranda NG v0.95.2 build #9966 x64
Post by: Dodge DeBoulet on 15 09 2014, 10:41:04: Doesn't seem like the maintainers of the IRC plug-in spend much time here. Is there a formal mechanism for reporting what may be a bug?
Title: Re: IRC: SSL Connection Failure w/ Miranda NG v0.95.2 build #9966 x64
Post by: White-Tiger on 15 09 2014, 11:40:39: http://trac.miranda-ng.org/newticket
you need an account though...
Title: Re: IRC: SSL Connection Failure w/ Miranda NG v0.95.2 build #9966 x64
Post by: watcher on 15 09 2014, 16:28:24: What is an exact IRC server address?
Title: Re: IRC: SSL Connection Failure w/ Miranda NG v0.95.2 build #9966 x64
Post by: watcher on 16 09 2014, 19:14:01: I'm almost sure you just not using the right port, for instance irc.freenode.net - on port 6667 gave me the same popup with the same error, but i went to their site and whar do i see?

Quote
All freenode servers listen on ports 6665, 6666, 6667, 6697 (SSL only), 7000 (SSL only), 7070 (SSL only), 8000, 8001 and 8002.

So i tried port 6697 and it works with SSL, so i will qote ghazan again:

Quote from: ghazan on 11 09 2014, 13:01:49
Usually IRC servers provide different ports for various purposes (for example, UTF-encoded traffic instead of 1250-encoded) etc.
you definitely can connect without ssl, but you need to read an instruction at the server

Find the right port that works with SSL.

Post Merge: 16 09 2014, 19:52:59
Checked x64 to be on a safe side:

IRC with SSL on Miranda NG x64
(http://i.imgur.com/5JG3SCV.png)
[close]
Title: Re: IRC: SSL Connection Failure w/ Miranda NG v0.95.2 build #9966 x64
Post by: Dodge DeBoulet on 24 09 2014, 17:39:38: Thanks for the followup, and my apologies for not responding sooner. I was previously getting emails for new posts to this thread, but they've apparently stopped.

I've asked the owner of the server to verify port configurations and will let you know. As I mentioned previously, 32 bit users of Miranda NG are apparently able to connect on that port using SSL.
Title: Re: IRC: SSL Connection Failure w/ Miranda NG v0.95.2 build #9966 x64
Post by: watcher on 24 09 2014, 17:52:39: Quote from: Dodge DeBoulet on 24 09 2014, 17:39:38
As I mentioned previously, 32 bit users of Miranda NG are apparently able to connect on that port using SSL.

We can not work using assumptions, on popular IRC servers 64-bit miranda connects to ssl ports as well as 32-bit version. If problem exists, then we need a way to reproduce it to find what is wrong. There is no other way. So we need full address of this server or we can't do anything about this problem.
Title: Re: IRC: SSL Connection Failure w/ Miranda NG v0.95.2 build #9966 x64
Post by: Dodge DeBoulet on 24 09 2014, 17:56:52: It's in the first post, but I'll gladly repeat it here: thot.us. The owner has assured me that the SSL port is 12358.

Thank you for looking into this.
Title: Re: IRC: SSL Connection Failure w/ Miranda NG v0.95.2 build #9966 x64
Post by: watcher on 24 09 2014, 18:04:08: Quote from: Dodge DeBoulet on 24 09 2014, 17:56:52
t's in the first post, but I'll gladly repeat it here: thot.us. The owner has assured me that the SSL port is 12358.

thot.us or irc.thot.us? I can't connect to it from 32-bit Miranda on any port. With or without SSL.

Code: [Select]
[21:06:22 07A4] KeepStatus: assigning status 40072 to IRC [21:06:22 08D4] [IRC] Connection request to thot.us:12358 (Flags 0).... [21:06:22 08D4] [IRC] (01CAF808) Connecting to server thot.us:12358.... [21:06:22 08D4] [IRC] (01CAF808) Connecting to ip 80.68.92.194:12358 .... [21:06:22 08D4] [IRC] (712) Connected to thot.us:12358 [21:06:22 08D4] [IRC] (712 thot.us) Starting SSL negotiation [21:06:22 08D4] SSL connection failure (80090331 473): The client and server cannot communicate, because they do not possess a common algorithm. [21:06:22 08D4] [IRC] (712 thot.us) Failure to negotiate SSL connection [21:06:22 08D4] [IRC] (01CAF808:712) Connection closed internal [21:06:22 08D4] [IRC] (01CAF808:4294967295) Connection closed [21:06:22 07A4] KeepStatus: cancel on login error (IRC) [21:06:22 07A4] KeepStatus: assigning status 40071 to IRC [21:06:22 07A4] KeepStatus: IRC login error, cancel reconnecting [21:06:22 07A4] KeepStatus: Status was set ok [21:06:22 07A4] KeepStatus: stop checking (success)
As you can see 32-bit miranda can't connect to thot.us using SSL on port 1253. Same result without SSL.
Title: Re: IRC: SSL Connection Failure w/ Miranda NG v0.95.2 build #9966 x64
Post by: Dodge DeBoulet on 24 09 2014, 18:08:35: Ugh, sorry!

irc.thot.us.

Edited to add: Actually both thot.us and irc.thot.us point to the same host.
Title: Re: IRC: SSL Connection Failure w/ Miranda NG v0.95.2 build #9966 x64
Post by: watcher on 24 09 2014, 18:16:27: Code: [Select]
[21:16:12 112C] KeepStatus: assigning status 40072 to IRC [21:16:13 0D74] [IRC] Connection request to irc.thot.us:12538 (Flags 0).... [21:16:13 0D74] [IRC] (0168DB58) Connecting to server irc.thot.us:12538.... [21:16:13 0D74] [IRC] (0168DB58) Connecting to ip 80.68.92.194:12538 .... [21:16:14 0D74] [IRC] modules\netlib\netlibopenconn.cpp 725: connect() failed (10061) [21:16:14 112C] KeepStatus: cancel on login error (IRC) [21:16:14 112C] KeepStatus: assigning status 40071 to IRC [21:16:14 112C] KeepStatus: IRC login error, cancel reconnecting [21:16:14 112C] KeepStatus: Status was set ok [21:16:14 112C] KeepStatus: stop checking (success)
Can't connect to irc.thot.us either. 32-bit. Only here it's not even starting SSL negotiation. Could not connect to any other common IRC port with or without SSL.
Title: Odp: IRC: SSL Connection Failure w/ Miranda NG v0.95.2 build #9966 x64
Post by: watcher on 24 09 2014, 18:42:15: Well, finally i used mIRC (the leader of IRC programs for windows) with OpenSSL. I could connect to irc.freenode.net:7000 (SSL port) and other IRC netwotks using SSL.

Code: [Select]
* Connecting to thot.us (+12538) - * Unable to connect to server (Connection refused) - * Connect retry #1 thot.us (+12538) - * Unable to connect to server (Connection refused)
Talk to server's admins, something is not right here. And it's not Miranda's problem.
Title: Re: IRC: SSL Connection Failure w/ Miranda NG v0.95.2 build #9966 x64
Post by: watcher on 24 09 2014, 18:49:38: If you are succeeding to connect to thot.us:12538 using SSL with 32-bit Miranda - please provide netlog (http://wiki.miranda-ng.org/index.php?title=Network_log) for it.
Title: Re: IRC: SSL Connection Failure w/ Miranda NG v0.95.2 build #9966 x64
Post by: Dodge DeBoulet on 30 09 2014, 15:10:29: Sorry it's taken so long to get back to you. Traveling last week . . .

netlog of the 32 bit client (running on XP) attached.
Title: Re: IRC: SSL Connection Failure w/ Miranda NG v0.95.2 build #9966 x64
Post by: watcher on 30 09 2014, 15:24:56: Now i could reproduce it - it connects from XP with SSL, but doesn't from Win 7 x86 (both cases on Miranda 32-bit) . Version of SSL on server is too old.
Title: Re: IRC: SSL Connection Failure w/ Miranda NG v0.95.2 build #9966 x64
Post by: Dodge DeBoulet on 30 09 2014, 15:29:39: Ahah! Thank you. He's been talking about upgrading it, this may be the impetus :)
Title: Re:IRC: SSL Connection Failure w/ Miranda NG v0.95.2 build #9966 x64
Post by: watcher on 30 09 2014, 15:43:47: Dodge DeBoulet, look here (https://www.sslshopper.com/ssl-checker.html#hostname=thot.us). Show it to server admin. Both errors are fatal. Tell him to test compatibility with Win 7 too, the security key might be too short for Win 7 SSL to work with.
Title: Re: IRC: SSL Connection Failure w/ Miranda NG v0.95.2 build #9966 x64
Post by: Dodge DeBoulet on 30 09 2014, 17:01:51: The server is essentially a work-related but casual and out-of-band communication channel for a small group of people, so security hasn't been the top priority. Everyone else is able to connect via other clients (or Miranda NG on a no-longer-supported platform).

I've relayed the concern with the certificate expiration and validity and I'm sure something will be done about it soon. I just wanted to determine whether it was a Miranda bug or not; I hadn't considered that it might be a platform issue.

Thanks again for getting to the root of the issue. I'll go see if I can close the ticket I opened ;)

EDIT: Looks like someone took care of the ticket already. Whoever that was, thanks :)
Title: Re: IRC: SSL Connection Failure w/ Miranda NG v0.95.2 build #9966 x64
Post by: AnrDaemon on 04 10 2014, 17:04:38: Just a note about the certificate, putting the site address into CN is considered bad and misleading practice.
But the most problematic issue with this certificate is that it's CA certificate, which means, the server is using CA certificate keys, probably (even, likely) not protected with password. Then smallest security breach will let the attacker have a hold on the CA keys.
Don't do this. Ever.