IRC Archive / Oftc / #tor / 2015 / October / 7 / 1
pi___
I'm having difficulty getting SSL to OFTC. Is there a way to avoid exit nodes which would block ssl automatically?
evilolive
there shouldn't be any that block TLS
pi___
so I'm running a hidden service but also followed the Appelbaum tutorial. might there be a conflict there?
cacahuatl
Nope, probably something wrong in your client.
(IRC client)
Why do you think the exit is blocking SSL?
pi___
So the message I get is a handshake fail, server closed unexpectedly
cacahuatl
And where are you trying to connect to?
pi___
I'm just trying to connect to OFTC with irssi over SSL
cacahuatl
Okay, but what hostname and port?
pi___
irc.oftc.net port:6697
cacahuatl
and you've set ssl_enabled="yes"; and whatever else in the irssi config?
(Where is this tutorial?)
pi___
per the tutorial based on Jacob Appelbaum's writeup found here: https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/irssi
cacahuatl
I don't think Jake actually wrote all of that but a much easier solution (and preferable solution)
would be to use torsocks
`torsocks irssi ...` from the command line
pi___
I think this was only based on his writeup
cacahuatl
A lot of that wiki is old, transproxying is also generally not recommended
Use torsocks
pi___
alright, I'm going to try that. Thanks for the info!
k370
i am new to linux, for me everything is new
i will appreciate help to configure tor and the server thttps
pi___
Okay, I think I figured it out, this has been an ongoing program for a long time. I think I'm experiencing symptoms of a MitM attack.
Sorry, I'll take it to #nottor but this would explain why i'm unable to establish an SSL connection.
noprivs
I can connect to OFTC with Tor OR I can connect to OFTC with SSL but I can't connect to OFTC with SSL through Tor. Thoughts?
evilolive
are you using the right port?
noprivs
since I have to ask which port you mean my guess would be no
thorazine
noprivs: why bother with ssl over tor?
noprivs: tor already does transport encryption
or do you mean not as a hidden service
ncl
only through tor itself
oftc does not have a hidden service
noprivs
my concern would be between the exit node and OFTC's servers
thorazine
i'm so used to hidden service ircds, nevermind me
evilolive
oftc TLS port is 6697
noprivs
yeah, that's the one I'm trying to use.
cacahuatl
if you do `torsocks openssl s_client -connect irc.oftc.net:6697` what happens?
noprivs
I can connect to 6667 with Tor but not 6697
libtorsocks dumps a bunch of errors then it tries to connect
eventually I get "Couldn't look up your hostname" and then "Closing Link (Registration timed out)"
evilolive
oh, you have to disable cert check as oftc uses a self-signed cert
cacahuatl
So you can in fact connect to oftc over TLS
And there's something wrong with your irc client or config
noprivs
indeed, just not through Tor
cacahuatl
no you just did with `torsocks openssl ...`
that did TLS over Tor
noprivs
I've noticed that the debian release of irssi is from 2010, might be related
oh, I see what you mean
cacahuatl
So I'd revisit your irssi config
noprivs
you were saying I have to disable cert check, could you clarify on this? I have the spi certificate
cacahuatl
you should end up with a config line like: '{ address = "irc.oftc.net"; chatnet = "OFTC"; port = "6697"; use_ssl = "yes"; },'
and then I don't irssi so I dunno how to give it the oftc root cert to verify it with
Peng
urgh
-ssl_verify -ssl_capath /etc/ssl/certs/ might work, or download the cert and -ssl_verify -ssl_cafile ~/.irssi/whatever.pem
evilolive
on your irc client disable cert checking
cacahuatl
Don't
Peng
evilolive: eww
evilolive
or download it and add it to your cert db locally
noprivs
openssl -ssl_verify -sslcapath ~/.irssi/spi.pem
oops, wrong window
velope
yeah, the oftc cert is not self-signed, it is signed by the SPI CA, as documented on the website
and your problem is a common one specific to irssi
ncl
what does irssi do
velope
it does simultaneous tls and proxy poorly
noprivs
also, I'm using a version from 2010
which probably doesn't help
I feel that I have a better problem of what the problem is and isn't. I'll see if I have any luck with a better client. Thanks!
ryonaloli_
memory and cpu-wise, is freebsd or debian linux better for a tor relay?
woosa
yo ryonaloli_
ryonaloli_
yo
i got a cheap server with 1 GiB memory, 100 mbit unlimited, with a single KVM CPU, and i'm wondering if i should go with debian or freebsd
i personally "prefer" linux to freebsd, because of freebsd lacking ASLR and all that... but i care most about what can utilize the resources i have the most
woosa
ryonaloli_: i think somebody in #nottor said fbsd was getting aslr
ryonaloli_
it is, but it does not have it yet
quite
ryonaloli_: 1GB memory is really plenty, anyway. i'd say don't worry. but choose a lean linux dist, by all means
ryonaloli_
too late, already went with freebsd
quite
np
ryonaloli_
as long as it doesn't have zfs i guess :/
s/have/use/
slackie
(Action) hi there \o
johnsonSteward
Hi, why I can't connect to .onion sites?
ryonaloli_
because you touch yourself at night
(seriously though, you need to give more details)
johnsonSteward
I keep getting empty response..
ryonaloli_
e.g. what are you trying to connect from? what OS? have you tried multiple onion sites?
try facebookcorewwwi.onion
johnsonSteward
I'm on Android using orbot
In China using obfs4
ryonaloli_
can you connect to that facebook url?
johnsonSteward
Yes
Although I get an invalid certificate
ryonaloli_
then you have no troubles connecting to .onion sites
all that is happening is the onion site you want to connect to is down, or slow
johnsonSteward
But.. Most sites on thehiddenwiki
I can't connect to them
ryonaloli_
most sites on the hidden wiki *are* down :P
they come up, and go down
they're constantly in a state of flux