TLS negotiation failure - Eggdrop 1.8.0

[nabbelol]

I'm struggling with this error:

Code: Select all

[21:15:14] Failed connect to irc.server2.net (TLS negotiation failure)
[21:16:14] Trying server [irc.server.org]:+7000
[21:16:14] TLS: attempting SSL negotiation...
[21:16:14] TLS: state change: before/connect initialization
[21:16:14] TLS: state change: before/connect initialization
[21:16:14] TLS: state change: SSLv2/v3 write client hello B
[21:16:14] Failed connect to irc.server.org (TLS negotiation failure)

It is compiled with SSL of course, and I can connect to the bot using SSL without any problems using openssl client.

Code: Select all

# openssl s_client -connect localhost:4000

* I have tired several different servers on different networks.
* Using a IRC client that supports SSL with these servers work.
* Making the key and crt using make sslcert, and manually like described in doc/TLS file..
* .console +rv gives me no more info then posted.
* I have used 1.8.0 with SSL before on another shell without any problems. So i tried with the same conf, crt and key file, and i still get this error.

After searching google and this forum, I seem to be the only one having this problem, maybe i forgot something obvious ?

Or maybe anybody else have had this problem? Any hints? I'm really clueless and cant think of anything else to try...

Code: Select all

set ssl-privatekey "eggdrop.key"
set ssl-certificate "eggdrop.crt"
set ssl-capath "/etc/ssl/"
set ssl-ciphers "ALL"
set ssl-verify-bots 11
set ssl-verify-clients 11

[pseudo]

Looks OK, but what are these servers? Do they work with some SSL-enabled IRC client?

If possible, come at #eggdrop @ Undernet (our official channel) in order to communicate this more efficiently. Just come there, mention your problem and wait a while. I'll try to help.

[nabbelol]

Looks OK, but what are these servers? Do they work with some SSL-enabled IRC client?

I tested linknet and EFnet servers that have SSL enabled. And using a IRC client with the same servers work from my home connection.

I'm gonna try to install a BNC or just a irc client on the server, and see if that can connect :)

[nabbelol]

Installed Irssi and connected to 3 different ssl enabled irc servers without any problem. So it must be something with my Eggdrop build.

I will try to investigate more next weekend, maybe join the eggdrop channel as you wanted. If i find out what causes this ill update this thread :)

[Relnah]

Hi!
Did you every figure out the problem? I'm having almost identical problem.
All the same symptoms but slightly different log.
[09:03:54] Trying server [leguin.freenode.net]:+6697
[09:03:54] TLS: attempting SSL negotiation...
[09:03:54] TLS: state change: before/connect initialization
[09:03:54] TLS: state change: before/connect initialization
[09:03:54] TLS: state change: unknown state
[09:03:54] Failed connect to leguin.freenode.net (TLS negotiation failure)

I too can connect to the bot with openssl s_client -connect ...

Any insights are much appreciated, I'm at a total loss here.

Regards,
Relnah

[Relnah]

I finally solved my problem.
Apparently the eggdrop can't resolve DNS properly when running on my Raspberry Pi, I'm not sure why. Even if I set dns IPs in the conf it won't work.
When setting the IRC-server to it's IP all goes well.

[WazzaUK]

I got eggdrop 1.8.0 with TLS connecting to servers via SSL port +6697 - no problems.

[06:29:47] Trying server [irc.p2p-network.net]:+6697
[06:29:50] TLS: handshake successful. Secure connection established.
[06:29:50] TLS: certificate subject: OU=Domain Control Validated, CN=irc.p2p-network.net
[06:29:50] TLS: certificate issuer: C=US, ST=Arizona, L=Scottsdale, O="GoDaddy.com, Inc.", OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2
[06:29:50] TLS: certificate MD5 Fingerprint: 68:2F:9C:CD:2D:E4:DF:CC:7E:32:B5:27:3A:49:B0:D1
[06:29:50] TLS: certificate SHA1 Fingerprint: FD:DF:42:79:32:DE:FC:81:5D:A9:8F:5C:24:CD:3B:5A:96:70:C7:14
[06:29:50] TLS: certificate valid from Apr 9 23:55:03 2014 GMT to Mar 15 16:48:01 2016 GMT
[06:29:50] TLS: cipher used: AES256-GCM-SHA384 TLSv1/SSLv3; 256 bits (256 secret)
[06:29:50] Connected to irc.p2p-network.net

I take it u created the certificate and key files. Thats the whole point.