Home / ubuntu / Questions / 1086972
Accepted
Internet User
Asked: 2018-10-25 18:18:45 +0800 CST

How to use SSL with Quassel? (Lubuntu 18.10 i386)

  • 772

I executed the command in the Quassel documentation and in File > Networks > Configure Networks clicked 'Edit...' for irc.ubuntu.com:8001 and checked 'Use SSL' (with no proxy, nothing in the Advanced tab altered).

Connection failure: Error during SSL handshake: error:1408F10B:SSL routines:ssl3_get_record:wrong version number

I have found in Settings > Configure Quassel... > IRC > Identities > Advanced > Use SSL Certificate a section to load a certificate: Is this not where we're supposed to specify the root CA we created above? But when I click 'Load', I do not see a way to specify the .config folder, which is apparently hidden. How do I proceed?

Terminal output from executing the openssl command:

$ openssl req -x509 -nodes -days 365 -newkey rsa:4096 -keyout ~/.config/quassel-irc.org/quasselCert.pem -out ~/.config/quassel-irc.org/quasselCert.pem
Generating a 4096 bit RSA private key
.........................................++++
...................................................................................++++
writing new private key to '/home/username/.config/quassel-irc.org/quasselCert.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:[answered]
State or Province Name (full name) [Some-State]:[answered]
Locality Name (eg, city) []:[answered]
Organization Name (eg, company) [Internet Widgits Pty Ltd]:.
Organizational Unit Name (eg, section) []:.
Common Name (e.g. server FQDN or YOUR name) []:.
Email Address []:[answered]
irc security lubuntu ssl 18.10

1 Answers

  1. Best Answer

    You're getting a little ahead of yourself there.

    If you look at the SSL handshake, you'll find that the first steps are the client sending out info on its versions, followed by the server responding with its versions. Note this is before certificates are even involved.

    The problem, ultimately, lies in the fact that you're trying to connect where the version number is wrong because there is no version number because there's no SSL support there at all. Freenode's connection instructions clearly state that 8001 is not the right port for SSL. In fact, they say it twice:

    You can connect to freenode by pointing your IRC client at chat.freenode.net on ports 6665-6667 and 8000-8002 for plain-text connections, or ports 6697, 7000 and 7070 for SSL-encrypted connections.

    and

    freenode provides SSL client access on all servers, on ports 6697, 7000 and 7070.

    Note especially that in the first of the two it says that 8000-8002 is for plain-text (read: non-encrypted, so non-SSL) connections.

    So the solution is replacing 8001 with one of 6697, 7000, or 7070.

    • 1