This site is deprecated; docs have moved to!

STARTTLS Documentation

From the makers of InspIRCd.
Revision as of 12:37, 24 May 2008 by Brain (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

In 1.2 of InspIRCd, clients may send STARTTLS before client registration to switch a plaintext socket to GNUTLS mode. After this point, the server expects the TLS handshake. No further plaintext should be sent and there is no way to revert back to plaintext after this point.

To detect STARTTLS capability, the client should implement the CAP extension and check CAP LS for the 'tls' capability. If this is available, then STARTTLS can be used. If it is not available the client must remain plaintext or fall back on a dedicated SSL port.