ERC is fully equipped to connect to SSL/TLS-enabled servers (e.g. OFTC and Freenode); however, certificate authentication support is rather untested.
For the purposes of this guide, head on over to the following OFTC page to get an idea of how to create the necessary certificates.
To get started, ensure that SSL/TLS support is enabled in your Emacs init file:
(require 'tls)
(require 'erc)
This allows us to set the tls-program variable, which calls the external tools openssl or gnutls-cli to perform the actual connection.
To see how the variable is initially defined: [F1] V tls-program
You'll notice that there are several options for tls-program. tls-program will cycle through the commands until a connection is established with the fallback.
Note that while you can add a CA chain and accompanying keys to gnutls-cli, ERC may fail to recognise them, and will proceed to create the secure connection using gnutls without certificate authentication.
I personally use OpenSSL:
Please note that your distro’s implementation of libgnutls may also be unsuitable for CA-chaining.
Use of gnutls-cli is recommended for the future, as most Linux projects have sought to replace openssl dependencies with gnutls.
Now, assuming you've already enabled erc, we can continue to work with the supplied erc-tls command:
This will establish a connection to OFTC on port 6697 (SSL), but more importantly, it will allow us to use certificates for transparent NickServ auth.
; M-x start-irc
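One way to wire the pieces above together, as an added example (not the configuration from the original post): a single openssl entry in tls-program, so there is no fallback to a command that omits the certificate, plus checks on the key file before connecting. It assumes an Emacs whose ERC connects through tls.el as described here; the file paths, the my/ names and the irc.oftc.net hostname are assumptions to replace with your own values.

```elisp
;; Added example. Paths and my/ names are hypothetical placeholders.
(require 'tls)
(require 'erc)

(defvar my/irc-cert (expand-file-name "~/.irc/nick.cer"))  ; placeholder path
(defvar my/irc-key  (expand-file-name "~/.irc/nick.key"))  ; placeholder path
(defvar my/irc-ca   "/etc/ssl/certs/ca-certificates.crt")  ; distro-dependent

(defun my/key-file-private-p (file)
  "Return non-nil if FILE exists and grants no group/other permissions."
  (let ((modes (file-modes file)))
    (and modes (zerop (logand modes #o077)))))

(defun my/openssl-tls-command ()
  "Build one `tls-program' entry; tls.el fills in %h (host) and %p (port)."
  (mapconcat #'identity
             (list "openssl s_client -connect %h:%p -ign_eof"
                   "-CAfile" (shell-quote-argument my/irc-ca)
                   "-cert"   (shell-quote-argument my/irc-cert)
                   "-key"    (shell-quote-argument my/irc-key))
             " "))

(defun my/start-irc-oftc (nick)
  "Connect to OFTC over TLS as NICK, presenting the client certificate."
  (interactive "sNick: ")
  ;; Refuse to connect if any file is missing: otherwise the session
  ;; could come up encrypted but without certificate authentication.
  (dolist (f (list my/irc-ca my/irc-cert my/irc-key))
    (unless (file-readable-p f)
      (user-error "Cannot read %s" f)))
  (unless (my/key-file-private-p my/irc-key)
    (user-error "%s is accessible to group/other; chmod 600 it first"
                my/irc-key))
  ;; Set globally so that ERC reconnects use the same command.
  ;; A single entry means no cycling to a command without the cert.
  (setq tls-program (list (my/openssl-tls-command))
        ;; Ask before continuing if the server certificate fails to verify.
        tls-checktrust 'ask)
  (erc-tls :server "irc.oftc.net" :port 6697 :nick nick))
```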
Enjoy your SSL-encrypted IRC session!