Explicitly drop SSLv3 connections (SSL_OP_NO_SSLv3) - might break TLS-ca...

[pgodschalk]

...pable clients that still depend on SSLv23 handshake

[pgodschalk]

[13:18:45] <Sput> Argure: current versions of Quassel try TLS first

Off the top of my head, of major irc clients only ancient KVirc builds on Windows still use SSLv23 handshakes now that quassel defaults to tls.

[kaniini]

What is mIRC's behaviour? We don't want to break that one.

[MrBenC]

I implemented a similar fix in a Charybdis fork about a couple weeks ago. https://bitbucket.org/chatlounge/chatircd/commits/49bb7f67d5479a624bb029eec432fc2c50ae3de0#chg-libratbox/src/openssl.c

Before pushing the commit, I tested the behavior with several different clients, including mIRC (also HexChat, Irssi, WeeChat, and ZNC). It will connect and as far as I can tell, everything works as it should.

Ben

[attilamolnar]

FYI, xchat breaks due to http://sourceforge.net/p/xchat/svn/HEAD/tree/src/common/ssl.c#l73

[kaniini]

Is xchat relevant anymore now that HexChat has taken it's place?

[jlu5]

XChat still exists, I know some people that still use it as their client (not something I'd recommend in 2014 but still). A lot of Linux distros still carry packages of it, with varying degrees of patch-work done.

[aaronmdjones]

I had this problem fixed in HexChat months back. It's literally a 2-character patch. It shouldn't be hard to get those devs to do the same.