What is SSL?

SSL provides encryption to your IRC connection, preventing anyone between your computer and the IRC server from being able to intercept and read your messages.

Where possible, you should be using SSL if the IRC server supports it.

To use SSL, make sure you've entered the server's SSL ports in the server's port settings. You will probably also need to turn an SSL setting on.

-

Keep in mind that SSL does not necessarily protect the entire conversation - only your connection to it.

Other people connected to the server may not be using SSL, meaning your messages will be going to them unencrypted. Even if everyone is using SSL, you still need to be able to trust everyone in the chat, and the people who own the IRC server, for it to be truly secure.

SSL is great, but it's just a good idea to understand its limitations.


What is a self-signed SSL certificate?

What an SSL certificate is

All SSL connections use certificates as a method to verify the trustworthiness of the places being connected to (as discussed later, it's not a very good system with IRC).

There are organisations called certificate authorities who sign certificates on behalf of organisations and people, such as those who run IRC servers, for a (rather substantial) sum of money. This is meant to verify the identity of that person, because it means that a third party can vouch for that identity.

Most software and apps check SSL certificates to see if they are signed by a third-party authority. If they are, then they are considered 'valid'.

SSL certificates can be signed by the person themselves, and this is called a self-signed certificate. In the case of IRC servers, this is very common, because getting a certificate signed can be expensive and unnecessary.

-

Why knowing which SSL certificates are self-signed is important

Self-signed certificates often show up as 'invalid' in a lot of software. This is only a strict precaution: it does not mean your encryption is compromised, it only means that the place you're connecting to has an identity that is not vouched for by an official third-party authority.

It's important to know which certificates are self-signed because most software will only let you connect to such a server if you have a setting, generally called 'accept invalid SSL certificates', turned on in the server's settings.