Forum » Programska oprema » InspIRCd-3.3.0 - Delujoč config za ssl/tls?
InspIRCd-3.3.0 - Delujoč config za ssl/tls?
HotBurek ::
Pozdravljeni.
Zanima me, če je komu že uspelo postavit InspIRCd-3.3.0 z configom, ki omogoča enkripcijo?
Certifikati so "pravilni", ker če jih uporabim v Nginx, delajo.
Konfiguracijo berem od tu:
https://docs.inspircd.org/3/modules/ssl...
Tole je delna trenutna konfiguracija inspircd.conf:
V log fajlu ni neke detajlne razlage, zakaj ne dela:
Če poženem:
openssl s_client -connect irc.some-server.cum:6697
Dobim:
Prav tako v log fajlu ni error-jev, da kakega fajla ne more prebrati (prej sem to imel, pa sem popravil v apparmor). V syslog-u tudi nič ni.
Connection na port 6667 dela normalno.
Zanima me, če je komu že uspelo postavit InspIRCd-3.3.0 z configom, ki omogoča enkripcijo?
Certifikati so "pravilni", ker če jih uporabim v Nginx, delajo.
Konfiguracijo berem od tu:
https://docs.inspircd.org/3/modules/ssl...
Tole je delna trenutna konfiguracija inspircd.conf:
# add module
<module name="ssl_gnutls">
# fix binding
#<bind address="127.0.0.1" port="6667" type="clients">
<bind address="1.2.3.4" port="6667" type="clients">
<bind address="1.2.3.4" port="6697" type="clients" ssl="gnutls">
# add for gnutls
<sslprofile name="clients"
provider="gnutls"
cafile="/var/certificates/letsencrypt-full-chain.pem"
certfile="/var/certificates/irc.some-site.cum.pem"
crlfile=""
dhfile="/etc/inspircd/dhparam.pem"
hash="sha256"
keyfile="/var/certificates/irc.some-site.cum.key"
mindhbits="1024"
outrecsize="1024"
priority="NORMAL"
requestclientcert="no"
strictpriority="no">
# add logging
<log method="file"
type="*"
level="rawio"
target="/var/log/inspircd/inspircd.log"
flush="1">
V log fajlu ni neke detajlne razlage, zakaj ne dela:
Wed Sep 25 2019 11:30:57 SOCKET: Error on FD 8 - 'Connection closed' Wed Sep 25 2019 11:30:57 USERS: QuitUser: 507AAAABH=507AAAABH 'Connection closed' Wed Sep 25 2019 11:30:57 USEROUTPUT: C[507AAAABH] O ERROR :Closing link: (507AAAABH@some-dns-pointer...) [Connection closed] Wed Sep 25 2019 11:30:57 SOCKET: DoWrite on errored or closed socket Wed Sep 25 2019 11:30:57 SOCKET: Remove file descriptor: 8
Če poženem:
openssl s_client -connect irc.some-server.cum:6697
Dobim:
CONNECTED(00000003) 140530471437440:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:332: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 5 bytes and written 304 bytes Verification: OK --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) ---
Prav tako v log fajlu ni error-jev, da kakega fajla ne more prebrati (prej sem to imel, pa sem popravil v apparmor). V syslog-u tudi nič ni.
Connection na port 6667 dela normalno.
root@debian:/# iptraf-ng
fatal: This program requires a screen size of at least 80 columns by 24 lines
Please resize your window
fatal: This program requires a screen size of at least 80 columns by 24 lines
Please resize your window
Vredno ogleda ...
| Tema | Ogledi | Zadnje sporočilo | |
|---|---|---|---|
| Tema | Ogledi | Zadnje sporočilo | |
| » | Davčne blagajne (strani: 1 2 3 4 … 24 25 26 27 )Oddelek: Programiranje | 319816 (59819) | Macketina |
| » | Zanimiv ...hm... problemOddelek: Programska oprema | 2257 (1752) | poweroff |
| » | [Python] HTTPS na desktopu dela, na Arduinu neOddelek: Programiranje | 1318 (931) | N4g4c3N |
| » | Preverjanje veljavnosti certifikata na usmerjevalnikuOddelek: Omrežja in internet | 2723 (2392) | xardas |
| » | [Ubuntu server] mail poslan iz serverja zazna kot vsiljeno pošto (strani: 1 2 )Oddelek: Omrežja in internet | 8644 (7614) | shorvat |