Eggdrop + SSL @ Debian 5.0 openssl + libssl-dev installed

fawkes · Post by **fawkes** » Sat Nov 06, 2010 7:15 pm

Hi egghelpers,

i have a problem with eggdrop 1.6.18, 1.6.19, 1.6.20 and 1.8 ... they all arent able to connect to a ssl ircd(yes i used the patches for 1.6 versions).
the funny thing is, that they all give out the same error:
SSL error: error:00000000:lib(0):func(0):reason(0)

here a more detailed error (eggdrop1.

Code: Select all

[00:07:34] Versuche Server [heart.de.eu.phat-net.de]:+6697
[00:07:34] DNS Resolver: Creating new record
[00:07:34] DNS Resolver: Sent domain lookup request for "heart.de.eu.phat-net.de".
[00:07:34] DNS Resolver: Received nameserver reply. (qd:1 an:0 ns:1 ar:0)
[00:07:34] DNS Resolver: answered domain query: "phat-net.de"
[00:07:34] DNS Resolver: Received nameserver reply. (qd:1 an:1 ns:0 ar:0)
[00:07:34] DNS Resolver: answered domain query: "heart.de.eu.phat-net.de"
[00:07:34] DNS Resolver: TTL: 23h56m39s
[00:07:34] DNS Resolver: TYPE: A: host address
[00:07:34] DNS Resolver: Lookup successful: heart.de.eu.phat-net.de
[00:07:34] DNS resolved heart.de.eu.phat-net.de to 85.214.139.254
[00:07:34] TLS: attempting SSL negotiation...
[00:07:34] TLS: handshake in progress
[00:07:34] SSL error: error:00000000:lib(0):func(0):reason(0)
[00:07:34] net: eof!(read) socket 7
[00:07:34] Verbindung getrennt von heart.de.eu.phat-net.de

hopefully you can help me

Fawkes

edit1:

Code: Select all

user@shell:$ /usr/bin/openssl version -a
OpenSSL 0.9.8g 19 Oct 2007
built on: Thu Aug 26 18:10:01 UTC 2010
platform: debian-amd64
options:  bn(64,64) md2(int) rc4(ptr,char) des(idx,cisc,16,int) blowfish(ptr2)
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -g -Wall -DMD32_REG_T=int -DMD5_ASM
OPENSSLDIR: "/usr/lib/ssl"

pseudo · Post by **pseudo** » Sat Nov 06, 2010 7:49 pm

Code: Select all

openssl s_client -connect heart.de.eu.phat-net.de:6697
connect: Connection refused
connect:errno=111

This server is simply not accepting connections on this port. No patch or program would be able to connect

6697 isn't really a standard, you must first check if the server supports SSL and which ports are listening for SSL. A good place for this is the server's MOTD (/motd servername).

Let's read it: http://irc.netsplit.de/servers/heart.de.eu.phat-net.de/

The motd tells us that it's listening for SSL connections on port 6670, so that's what you should be using

fawkes · Post by **fawkes** » Sat Nov 06, 2010 7:52 pm

well yes your right ... typo :/
ircd supports it on port 6670 ... i should have known this, since i set that ircd up :/

pseudo · Post by **pseudo** » Sat Nov 06, 2010 7:56 pm

Does it work now?

fawkes · Post by **fawkes** » Sat Nov 06, 2010 8:04 pm

yes thank you

WazzaUK · Post by **WazzaUK** » Sun Jul 06, 2014 8:22 pm

Most IRCD have SSL open on port +6697 < note the plus - usually indicates a SSL enabled port. Im using Eggdrop 1.8.0 pre-init TLS enabled - connects to every SSL server ive tried. Botnet even connects via TLS.

01:11 WazBOT • [01:11:52] Trying server [irc.p2p-network.net]:+6697
01:11 WazBOT • [01:11:54] TLS: handshake successful. Secure connection established.
01:11 WazBOT • [01:11:54] TLS: certificate subject: OU=Domain Control Validated, CN=irc.p2p-network.net
01:11 WazBOT • [01:11:54] TLS: certificate issuer: C=US, ST=Arizona, L=Scottsdale, O="GoDaddy.com, Inc.", OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2
01:11 WazBOT • [01:11:54] TLS: certificate MD5 Fingerprint: 68:2F:9C:CD:2D:E4:DF:CC:7E:32:B5:27:3A:49:B0:D1
01:11 WazBOT • [01:11:54] TLS: certificate SHA1 Fingerprint: FD:DF:42:79:32:DE:FC:81:5D:A9:8F:5C:24:CD:3B:5A:96:70:C7:14
01:11 WazBOT • [01:11:54] TLS: certificate valid from Apr 9 23:55:03 2014 GMT to Mar 15 16:48:01 2016 GMT
01:11 WazBOT • [01:11:54] TLS: cipher used: AES256-GCM-SHA384 TLSv1/SSLv3; 256 bits (256 secret)
01:11 WazBOT • [01:11:54] Connected to irc.p2p-network.net
01:11 WazBOT • [01:11:54] -NOTICE- *** Looking up your hostname...
01:11 WazBOT • [01:11:54] -NOTICE- *** Checking ident...
01:11 WazBOT • [01:11:54] -NOTICE- *** No ident response; username prefixed with ~
01:11 WazBOT • [01:11:54] -NOTICE- *** Found your hostname
01:11 WazBOT • [01:11:55] [IRC-NETWORK] :: [SECURESERVER-CONNECTION] :: [YES] :: [irc.p2p-network.net:+6697 tornado.us.p2p-network.net]
01:11 WazBOT • [01:11:55] -NOTICE- *** You are connected to tornado.us.p2p-network.net with TLSv1.2-AES256-GCM-SHA384-256bits

And two SSL Eggdrops connected on different SSL enabled networks...

01:16 VeryRetarded • [01:16:42] Linking to WazBOT at 127.0.0.1:6040 ...
01:16 VeryRetarded • [01:16:43] Got STARTTLS from WazBOT. Replying...
01:16 VeryRetarded • [01:16:43] Received challenge from WazBOT... sending response ...
01:16 VeryRetarded • [01:16:43] TLS: handshake successful. Secure connection established.
01:16 VeryRetarded • [01:16:43] TLS: certificate subject: C=UK, ST=Northants, L=Northampton, O=WazBOT is a GIMP, OU=Gaylords, CN=wazbot.net, emailAddress=wallison_uk@yahoo.co.uk
01:16 VeryRetarded • [01:16:43] TLS: certificate issuer: C=UK, ST=Northants, L=Northampton, O=WazBOT is a GIMP, OU=Gaylords, CN=wazbot.net, emailAddress=wallison_uk@yahoo.co.uk
01:16 VeryRetarded • [01:16:43] TLS: certificate MD5 Fingerprint: B1:4F:7A:C5:17:4F:44:FE:58:74:E4:2F:31:2F:7D:14
01:16 VeryRetarded • [01:16:43] TLS: certificate SHA1 Fingerprint: 9F:D8:C4:69:1E:36:0F:E6:66:3F:80:DF:A6:59:72:94:03:43:50:CE
01:16 VeryRetarded • [01:16:43] TLS: certificate valid from May 12 11:58:02 2014 GMT to May 12 11:58:02 2015 GMT
01:16 VeryRetarded • [01:16:43] TLS: cipher used: AES256-GCM-SHA384 TLSv1/SSLv3; 256 bits (256 secret)
01:16 VeryRetarded • [01:16:43] Linked to WazBOT.
01:16 VeryRetarded • *** Linked to WazBOT

Note ive noticed people having issues with DNS...