Difference between revisions of "NL/SSL"

From Chat4AllFAQ
Jump to: navigation, search
m (Added placeholder text, linking to the English article.)
 
(Start of translation of the SSL article to Dutch)
Line 1: Line 1:
Dit artikel moet nog steeds vertaald/geschreven worden. Lees in de tussentijd anders het [[SSL|Engelse SSL artikel]].
+
== SSL ==
 +
SSL staat voor Secure Socket Layer (Beveiligde Socket Laag). In het kort: het is een veiligere manier van verbinden naar een server. Het is gebaseerd op het versleutelen van al het dataverkeer met een encryptie sleutel.
 +
 
 +
SSL werkt alleen wanneer alle betrokken partijen SSL ondersteunen, aangezien ze anders niet zouden begrijpen wat er 'gezegd' wordt door de ander. Aangezien de Chat4All chatservers sinds 2004 SSL verbindingen ondersteunen, kan je nu ook met ons IRC netwerk verbinden met een SSL-ondersteunende IRC client op poort +7001.
 +
 
 +
== Voordelen ==
 +
Over het algemeen zouden chatters niet echt SSL nodig hebben, tenzij ze behoefte hebben aan een extra gevoel van privacy, of omdat ze vermoeden dat iemand in hun 'subnet' aan het afluisteren is. Dit kan zeker handig zijn wanneer het gaat om versturen van wachtwoorden, bijvoorbeeld bij het inloggen op NickServ of ChanServ.
 +
 
 +
Met normale verbindingen kan iedereen die je computer gehacked heeft, of op hetzelfde subnet zit, 'luisteren' naar alle informatiepakketen die over je netwerk-/internet-verbinding verstuurd wordt. Utilities zoals Ethercap, Ethereal en Wireshark lezen deze datapakketten gewoon als de platte tekst die over je lijn verzonden wordt, en in het geval dat er geen encryptie is, kunnen ze dus zo achter je wachtwoorden en accountgegevens komen.
 +
Hier zie je bijvoorbeeld het programma Ethereal in actie over een '''NIET-'''beveiligde verbinding:
 +
[[Image:Ssl_unencrypted_cropped.png|Image:Ssl_unencrypted.png]] (klik om te vergroten)
 +
 
 +
Echter, wanneer iemand je verbinding aftapt terwijl je SSL gebruikt, zullen ze alleen de geencodeerde data kunnen zien, wat eruitziet als onzin voor hun, aangezien ze dat niet makkelijk kunnen decoderen.
 +
Zo ziet Ethereal bijvoorbeeld data over een SSL verbinding:
 +
[[Image:Ssl_encrypted_cropped.png|Image:Ssl_encrypted.png]] (klik om te vergroten)
 +
 
 +
=== mIRC description ===
 +
Let's quote mIRC.com for some more detailed description:
 +
<blockquote>«Why the need for secure connections?
 +
mIRC is used by many organizations that need to communicate over secure connections, everything from corporate to governmental. Various educational organizations that provide online teaching also require communications to be secure for privacy purposes. Apart from that, many individuals around the world also depend on secure communications, whether for political, business, or other reasons. At the end of the day, it really depends on your own personal needs. If it’s not something that you think you need, then you probably don’t!»</blockquote>
 +
 
 +
== Howto ==
 +
In this section we will describe how you can install OpenSSL support on your pc and set it up in your client, and how to connect to our SSL capable port on our server.
 +
=== Install ===
 +
How to use SSL depends on the client you use.<br />
 +
Since most people on our network seem to use mIRC, I'll explain what is needed to get mIRC working with SSL.<br />
 +
First download the latest release of mIRC, which at time of writing is 6.16.<br />
 +
You now also need the OpenSSL libraries libeay32.dll and ssleay32.dll<br />
 +
You can either get them by installing OpenSLL from http://www.shininglightpro.com/products/Win32OpenSSL.html or by getting the two needed loose DLL files from: [[http://chat4all.org/~fixato/ssllibs(200601251532).zip My Chat4All Page]]<br />
 +
Then you should place the two DLL-files that are in the archive, inside your Windows\System32 directory if you want to have them globally available to all SSL supporting applications, or in your mIRC directory (probably ''c:\program files\mIRC\'') if you want them available just to mIRC.<br />
 +
When you now (re)start mIRC, an extra TAB with SSL information should've appeared under ''connect'' > ''options''<br />
 +
 
 +
=== Importing the CA certificate ===
 +
This step is optional, but is quite recommended.
 +
 
 +
We have generated our own Certificate Authority (CA) Certificate which which we sign our SSL certificates. This will provide the following:
 +
# You can be certain that the Chat4All staff has generated and signed the certificate being presented.
 +
# IRC clients should fully accept the certificate since it no longer is a simple self-signed certificate.
 +
# The certificate will no longer be rejected because it is signed by an unknown/untrusted Certificate Authority.
 +
# The certificate will automatically be trusted because you trust the CA.
 +
# We can change/renew the certificate for as long as the CA hasn't expired.
 +
# Clients that support a strict SSL verification will now also automatically accept our certificates. This way you'll be informed if suddenly something changes about the certificate.
 +
You can download the CA Certificate from [http://www.chat4all.net/|our website].
 +
 
 +
For details on how to import the CA into your IRC client, please read our separate [[SSL_CA_import_instructions|SSL CA Import instructions article]].
 +
This includes instructions on how to include it into [[SSL_CA_import_instructions#mIRC|mIRC]], [[SSL_CA_import_instructions#weechat|weechat]] and possibly other clients.
 +
 
 +
=== Connect ===
 +
To now connect to our server using a SSL connection, is now possible through one of these two ways.<br />
 +
The first is by the direct command:
 +
  '''/server irc.chat4all.net +7001'''
 +
Which will connect to our server at port 7001 (don't forget the '''''+'''''sign though, since that indicates it is a SSL port.)
 +
 
 +
The second way is to edit the server information.<br />
 +
From the ''File''-menu, you should select the '''Select Server''' (''alt-e'') option, which will open the mIRC Options at the Select Server tab.<br />
 +
There, select the Chat4All server from the server list (or add it yourself with the ADD button), and hit the ''Edit'' button.<br />
 +
It will probably read something like:<br />
 +
http://www.fixato.co.uk/projects/tutorials/images/performB2.png <br />
 +
although the exact names and ports listed might be a little different.<br />
 +
Now you can edit the port-range to either also include the +7001 port, or just replace all of the ports listed there with +7001 (again, don't forget the plus-sign).<br />
 +
Another way is to instead of Editting, Adding a new serverlisting which you can name something like Chat4All_ServerSSL and which will have just the +7001 port and the same ''group''-name as your regular Chat4all connection.<br />
 +
When finished adding or editting, hit the Connect button to connect to the server :)
 +
 
 +
== Extras ==
 +
When you are connected using a SSL connection, you can now join channels that have the channelmode +z<br />
 +
If a channel has the channelmode +z, it means that only people using a SSL connection, can join that channel.<br />
 +
A channelowner can set his room to +z (when no non-SSL-connected users are in the channel) with
 +
  /mode #channel +z
 +
 
 +
A new mode is now available to SSL users: ''user''mode +Z. <br />
 +
This will block all queries (private messages) from '''non-SSL''' users.
 +
This mode can be enabled using
 +
  /mode yourusername +Z
 +
 
 +
You will also receive the ''user''mode +z, which means you are on a SSL connection.<br />

Revision as of 16:14, 27 January 2011

SSL

SSL staat voor Secure Socket Layer (Beveiligde Socket Laag). In het kort: het is een veiligere manier van verbinden naar een server. Het is gebaseerd op het versleutelen van al het dataverkeer met een encryptie sleutel.

SSL werkt alleen wanneer alle betrokken partijen SSL ondersteunen, aangezien ze anders niet zouden begrijpen wat er 'gezegd' wordt door de ander. Aangezien de Chat4All chatservers sinds 2004 SSL verbindingen ondersteunen, kan je nu ook met ons IRC netwerk verbinden met een SSL-ondersteunende IRC client op poort +7001.

Voordelen

Over het algemeen zouden chatters niet echt SSL nodig hebben, tenzij ze behoefte hebben aan een extra gevoel van privacy, of omdat ze vermoeden dat iemand in hun 'subnet' aan het afluisteren is. Dit kan zeker handig zijn wanneer het gaat om versturen van wachtwoorden, bijvoorbeeld bij het inloggen op NickServ of ChanServ.

Met normale verbindingen kan iedereen die je computer gehacked heeft, of op hetzelfde subnet zit, 'luisteren' naar alle informatiepakketen die over je netwerk-/internet-verbinding verstuurd wordt. Utilities zoals Ethercap, Ethereal en Wireshark lezen deze datapakketten gewoon als de platte tekst die over je lijn verzonden wordt, en in het geval dat er geen encryptie is, kunnen ze dus zo achter je wachtwoorden en accountgegevens komen. Hier zie je bijvoorbeeld het programma Ethereal in actie over een NIET-beveiligde verbinding: Image:Ssl_unencrypted.png (klik om te vergroten)

Echter, wanneer iemand je verbinding aftapt terwijl je SSL gebruikt, zullen ze alleen de geencodeerde data kunnen zien, wat eruitziet als onzin voor hun, aangezien ze dat niet makkelijk kunnen decoderen. Zo ziet Ethereal bijvoorbeeld data over een SSL verbinding: Image:Ssl_encrypted.png (klik om te vergroten)

mIRC description

Let's quote mIRC.com for some more detailed description:

«Why the need for secure connections? mIRC is used by many organizations that need to communicate over secure connections, everything from corporate to governmental. Various educational organizations that provide online teaching also require communications to be secure for privacy purposes. Apart from that, many individuals around the world also depend on secure communications, whether for political, business, or other reasons. At the end of the day, it really depends on your own personal needs. If it’s not something that you think you need, then you probably don’t!»

Howto

In this section we will describe how you can install OpenSSL support on your pc and set it up in your client, and how to connect to our SSL capable port on our server.

Install

How to use SSL depends on the client you use.
Since most people on our network seem to use mIRC, I'll explain what is needed to get mIRC working with SSL.
First download the latest release of mIRC, which at time of writing is 6.16.
You now also need the OpenSSL libraries libeay32.dll and ssleay32.dll
You can either get them by installing OpenSLL from http://www.shininglightpro.com/products/Win32OpenSSL.html or by getting the two needed loose DLL files from: [My Chat4All Page]
Then you should place the two DLL-files that are in the archive, inside your Windows\System32 directory if you want to have them globally available to all SSL supporting applications, or in your mIRC directory (probably c:\program files\mIRC\) if you want them available just to mIRC.
When you now (re)start mIRC, an extra TAB with SSL information should've appeared under connect > options

Importing the CA certificate

This step is optional, but is quite recommended.

We have generated our own Certificate Authority (CA) Certificate which which we sign our SSL certificates. This will provide the following:

  1. You can be certain that the Chat4All staff has generated and signed the certificate being presented.
  2. IRC clients should fully accept the certificate since it no longer is a simple self-signed certificate.
  3. The certificate will no longer be rejected because it is signed by an unknown/untrusted Certificate Authority.
  4. The certificate will automatically be trusted because you trust the CA.
  5. We can change/renew the certificate for as long as the CA hasn't expired.
  6. Clients that support a strict SSL verification will now also automatically accept our certificates. This way you'll be informed if suddenly something changes about the certificate.

You can download the CA Certificate from website.

For details on how to import the CA into your IRC client, please read our separate SSL CA Import instructions article. This includes instructions on how to include it into mIRC, weechat and possibly other clients.

Connect

To now connect to our server using a SSL connection, is now possible through one of these two ways.
The first is by the direct command:

 /server irc.chat4all.net +7001

Which will connect to our server at port 7001 (don't forget the +sign though, since that indicates it is a SSL port.)

The second way is to edit the server information.
From the File-menu, you should select the Select Server (alt-e) option, which will open the mIRC Options at the Select Server tab.
There, select the Chat4All server from the server list (or add it yourself with the ADD button), and hit the Edit button.
It will probably read something like:
http://www.fixato.co.uk/projects/tutorials/images/performB2.png
although the exact names and ports listed might be a little different.
Now you can edit the port-range to either also include the +7001 port, or just replace all of the ports listed there with +7001 (again, don't forget the plus-sign).
Another way is to instead of Editting, Adding a new serverlisting which you can name something like Chat4All_ServerSSL and which will have just the +7001 port and the same group-name as your regular Chat4all connection.
When finished adding or editting, hit the Connect button to connect to the server :)

Extras

When you are connected using a SSL connection, you can now join channels that have the channelmode +z
If a channel has the channelmode +z, it means that only people using a SSL connection, can join that channel.
A channelowner can set his room to +z (when no non-SSL-connected users are in the channel) with

 /mode #channel +z

A new mode is now available to SSL users: usermode +Z.
This will block all queries (private messages) from non-SSL users. This mode can be enabled using

 /mode yourusername +Z

You will also receive the usermode +z, which means you are on a SSL connection.