Author Topic: IRC: SSL Connection Failure w/ Miranda NG v0.95.2 build #9966 x64  (Read 15394 times)

0 Members and 1 Guest are viewing this topic.

Offline Dodge DeBoulet

  • Newbie
  • *
  • Posts: 11
Ugh, sorry!

irc.thot.us.

Edited to add: Actually both thot.us and irc.thot.us point to the same host.
« Last Edit: 24 09 2014, 18:13:36 by Dodge DeBoulet »
 

Offline watcher

Code: [Select]
[21:16:12 112C] KeepStatus: assigning status 40072 to IRC
[21:16:13 0D74] [IRC] Connection request to irc.thot.us:12538 (Flags 0)....
[21:16:13 0D74] [IRC] (0168DB58) Connecting to server irc.thot.us:12538....
[21:16:13 0D74] [IRC] (0168DB58) Connecting to ip 80.68.92.194:12538 ....
[21:16:14 0D74] [IRC] modules\netlib\netlibopenconn.cpp 725: connect() failed (10061)
[21:16:14 112C] KeepStatus: cancel on login error (IRC)
[21:16:14 112C] KeepStatus: assigning status 40071 to IRC
[21:16:14 112C] KeepStatus: IRC login error, cancel reconnecting
[21:16:14 112C] KeepStatus: Status was set ok
[21:16:14 112C] KeepStatus: stop checking (success)

Can't connect to irc.thot.us either. 32-bit. Only here it's not even starting SSL negotiation. Could not connect to any other common IRC port with or without SSL.
Пожалуйста, внимательно прочтите правила постинга перед тем, как открыть новую тему.
Please read forum rules.
 

Offline watcher

Well, finally i used mIRC (the leader of IRC programs for windows) with OpenSSL. I could connect to irc.freenode.net:7000 (SSL port) and other IRC netwotks using SSL.

Code: [Select]
* Connecting to thot.us (+12538)
-
* Unable to connect to server (Connection refused)
-
* Connect retry #1 thot.us (+12538)
-
* Unable to connect to server (Connection refused)

Talk to server's admins, something is not right here. And it's not Miranda's problem.
Пожалуйста, внимательно прочтите правила постинга перед тем, как открыть новую тему.
Please read forum rules.
 

Offline watcher

If you are succeeding to connect to thot.us:12538 using SSL with 32-bit Miranda  - please provide netlog for it.
Пожалуйста, внимательно прочтите правила постинга перед тем, как открыть новую тему.
Please read forum rules.
 

Offline Dodge DeBoulet

  • Newbie
  • *
  • Posts: 11
Sorry it's taken so long to get back to you. Traveling last week . . .

netlog of the 32 bit client (running on XP) attached.
 

Offline watcher

Now i could reproduce it - it connects from XP with SSL, but doesn't from Win 7 x86 (both cases on Miranda 32-bit) . Version of SSL on server is too old.
Пожалуйста, внимательно прочтите правила постинга перед тем, как открыть новую тему.
Please read forum rules.
 

Offline Dodge DeBoulet

  • Newbie
  • *
  • Posts: 11
Ahah! Thank you. He's been talking about upgrading it, this may be the impetus :)
 

Offline watcher

Dodge DeBoulet, look here. Show it to server admin. Both errors are fatal. Tell him to test compatibility with Win 7 too, the security key might be too short for Win 7 SSL to work with.
Пожалуйста, внимательно прочтите правила постинга перед тем, как открыть новую тему.
Please read forum rules.
 

Offline Dodge DeBoulet

  • Newbie
  • *
  • Posts: 11
The server is essentially a work-related but casual and out-of-band communication channel for a small group of people, so security hasn't been the top priority. Everyone else is able to connect via other clients (or Miranda NG on a no-longer-supported platform).

I've relayed the concern with the certificate expiration and validity and I'm sure something will be done about it soon. I just wanted to determine whether it was a Miranda bug or not; I hadn't considered that it might be a platform issue.

Thanks again for getting to the root of the issue. I'll go see if I can close the ticket I opened ;)

EDIT: Looks like someone took care of the ticket already. Whoever that was, thanks :)
« Last Edit: 30 09 2014, 17:06:06 by Dodge DeBoulet »
 

Offline AnrDaemon

Just a note about the certificate, putting the site address into CN is considered bad and misleading practice.
But the most problematic issue with this certificate is that it's CA certificate, which means, the server is using CA certificate keys, probably (even, likely) not protected with password. Then smallest security breach will let the attacker have a hold on the CA keys.
Don't do this. Ever.