Irssi with SSL/TLS and SASL

irssi | irssi servers | irssi chatnets | irc servers

Introduction

the easy way to find out about the fingerprints is to connect without ssl verification to begin with

17:48:33 [ircnet] *** Irssi: Public Key Fingerprint:  
      43:D8:8E:65:76:2F:3E:14:E3:8E:CA:C3:05:86:10:B5:F2:E7:08:77:7A:0A:EF:CF:BC:39:2B:27:86:77:54:82 (SHA256)
17:48:33 [ircnet] *** Irssi: Certificate Fingerprint: 
      1B:A0:33:B9:F9:65:79:34:9E:AB:F4:56:CD:02:3D:0C:26:F1:A3:D8:33:EF:0C:25:1B:E1:01:DB:93:A2:E7:E4 (SHA256)

Networks & SASL

cd ~/.irssi/
vi config

servers = (
  {
    address = "ssl.efnet.org";
    chatnet = "efnet";
    port = "9999";
    use_tls = "yes";
    tls_verify = "no";
    tls_pinned_pubkey = "EC:A0:C9:A7:9F:A7:C4:0E:92:50:5D:5A:A9:5A:8A:74:62:D3:B7:6C:50:24:3D:D4:03:61:3F:26:4F:BC:57:AF";
    tls_pinned_cert = "6D:1B:AC:11:45:DA:3B:7B:CB:BC:45:C6:7B:74:14:8A:43:A6:9A:18:C0:D5:F7:F7:8E:0D:9F:7D:44:44:1F:0D";
    autoconnect = "no";
  },
  {
    address = "ssl.irc.atw-inter.net";
    chatnet = "ircnet";
    port = "6697";
    use_tls = "yes";
    tls_verify = "no";
    tls_pinned_pubkey = "43:D8:8E:65:76:2F:3E:14:E3:8E:CA:C3:05:86:10:B5:F2:E7:08:77:7A:0A:EF:CF:BC:39:2B:27:86:77:54:82";
    tls_pinned_cert = "1B:A0:33:B9:F9:65:79:34:9E:AB:F4:56:CD:02:3D:0C:26:F1:A3:D8:33:EF:0C:25:1B:E1:01:DB:93:A2:E7:E4";
    autoconnect = "yes";
  },
  {
    address = "irc.libera.chat";
    chatnet = "libera";
    port = "6697";
    use_tls = "yes";
    tls_verify = "yes";
    ssl_cafile = "/etc/ssl/cacert.pem";
    autoconnect = "yes";
  }
  {
    address = "irc.oftc.net";
    chatnet = "oftc";
    port = "6697";
    use_tls = "yes";
    tls_verify = "yes";
    ssl_cafile = "/etc/ssl/cacert.pem";
    autoconnect = "yes";
  },
  {
    #address = "autrechose.evolu.net";
    address = "autrement.evolu.net";
    chatnet = "online";
    port = "6697";
    use_tls = "yes";
    tls_verify = "no";
    tls_pinned_pubkey = "A3:B3:49:0B:E0:31:7B:4B:EF:6D:AE:A2:92:3E:99:54:3C:CA:D7:63:F0:34:D9:D6:CE:A5:15:5B:CC:30:A0:E9";
    tls_pinned_cert = "CA:FC:EC:98:7B:FB:BC:C6:64:08:50:3F:DF:9F:68:C1:53:44:50:1D:4B:D5:96:6C:34:52:40:50:5C:1B:96:A3";
    autoconnect = "yes";
  }
);

Additional notes

custom trust store

    server = (
    {
            ...
            #ssl_capath = "/etc/ssl/certs";
            ssl_cafile = "/etc/ssl/cacert.pem";
    },

Resources

https://irssi.org/documentation/help/connect/

https://irssi.org/documentation/help/server/


HOME | GUIDES | LECTURES | LAB | SMTP HEALTH | HTML5 | CONTACT
Copyright © 2024 Pierre-Philipp Braun