search

sshirokov / ZNC.el

Make ERC and ZNC get along more goodest.
MIT License
56 stars 20 forks source link

Connecting to ZNC via SSL IRC client not working #36

Closed farynaio closed 3 years ago

farynaio commented 3 years ago

I try to connect to ZNC server via SSL by znc-erc command. I can connect to ZNC without SSL with no problem. But when I try to connect via SSL I get "Opening Connection.." message which lasts forever.

My ZNC config:

AnonIPLimit = 10
AuthOnlyViaModule = false
ConfigWriteDelay = 0
ConnectDelay = 5
HideVersion = false
LoadModule = adminlog
MaxBufferSize = 500
ProtectWebSessions = true
SSLCertFile = /home/znc/.znc/znc.pem
SSLCiphers = EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLDHParamFile = /home/znc/.znc/znc.pem
SSLKeyFile = /home/znc/.znc/znc.pem
SSLProtocols = -SSLv2 -SSLv3 -TLSv1 +TLSv1.1 +TLSv1.2
ServerThrottle = 30
Skin = _default_
StatusPrefix = *
Version = 1.7.2

<Listener listener0>
    AllowIRC = true
    AllowWeb = false
    IPv4 = true
    IPv6 = false
    Port = 34112
    SSL = true
    URIPrefix = /
</Listener>
...

TLS config:

  (require 'tls nil t)
  (setq tls-program
    '("gnutls-cli --x509cafile %t -p %p %h"
      "gnutls-cli --x509cafile %t -p %p %h --protocols ssl3"
      "gnutls-cli --priority secure256 -p %p %h"))

Any idea what may be wrong?

strugee commented 3 years ago

Have you tried connecting with just ERC? I have no problems connecting to a TLS-enabled ZNC with this library.

strugee commented 3 years ago

SSL = false

Could that be it?

farynaio commented 3 years ago

SSL = false

Could that be it?

Sorry, I switched to SSL = false already to keep using ZNC, but it is set to true when I try to figure SSL that out. I will amend my post to prevent further confusions.

Yes, ERC is connecting just fine to networks alone, and to no-SSL ZNC. The ZNC is connecting via TLS to the networks without problems as well.

The problem is to connect IRC client to ZNC over SSL.

strugee commented 3 years ago

Right, but what I'm asking is, did you try manually connecting to your ZNC with ERC? I.e. instead of doing M-x znc-erc RET, try M-x erc RET and then manually enter your ZNC details (so for the hostname, etc., put znc.example.com or whatever). Can you connect over SSL/TLS with other IRC clients?

farynaio commented 3 years ago

Yes, I tried, and as I said connecting to ZNC via ERC without SSL works without any problems.

I tried connecting with SSL via Circe, the effect was the same - permanent "Opening Connection..".

I added TLS config I use on Emacs part to the top post.

farynaio commented 3 years ago

Problem solved thanks to #erc channel users. The cause of the issue was too strict network configuration in Emacs which blocked self signed incomming certs.

strugee commented 3 years ago

Nice. I kinda suspected you had an ERC problem and not a znc.el problem but I forgot to reply to this :P

farynaio commented 3 years ago

No worries, thanks for help.