<!DOCTYPE html>
<html lang="en" data-content_root="../">
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />
<title>Enabling TLS Security on Eggdrop — Eggdrop 1.10.1rc2 documentation</title>
<link rel="stylesheet" type="text/css" href="../_static/pygments.css?v=03e43079" />
<link rel="stylesheet" type="text/css" href="../_static/eggdrop.css?v=ab48a1b6" />
<script src="../_static/documentation_options.js?v=290de6c6"></script>
<script src="../_static/doctools.js?v=9bcbadda"></script>
<script src="../_static/sphinx_highlight.js?v=dc90522c"></script>
<link rel="search" title="Search" href="../search.html" />
<link rel="next" title="Sharing Userfiles" href="userfilesharing.html" />
<link rel="prev" title="Common First Steps" href="firststeps.html" />
</head><body>
<div class="header-wrapper" role="banner">
<div class="header">
<div class="headertitle"><a
href="../index.html">Eggdrop 1.10.1rc2 documentation</a></div>
<div class="rel" role="navigation" aria-label="related navigation">
<a href="firststeps.html" title="Common First Steps"
accesskey="P">previous</a> |
<a href="userfilesharing.html" title="Sharing Userfiles"
accesskey="N">next</a>
</div>
</div>
</div>
<div class="content-wrapper">
<div class="content">
<div class="document">
<div class="documentwrapper">
<div class="bodywrapper">
<div class="body" role="main">
<section id="enabling-tls-security-on-eggdrop">
<h1>Enabling TLS Security on Eggdrop<a class="headerlink" href="#enabling-tls-security-on-eggdrop" title="Link to this heading">¶</a></h1>
<p>There are several ways TLS encryption can protect communication between your Eggdrop and the world. This guide will walk you through a few common scenarios and how to properly set up TLS protection.</p>
<p>Sidenote: Although SSL (Secure Socket Layer) encryption is deprecated and no longer secure, the term “SSL” lingers as a bit of an anachronism and is still commonly used interchangeably with TLS (Transport Layer Security). If you see the term “SSL” used to describe a secure connection method, including within Eggdrop’s own documentation and configuration files, it is probably safe to assume it actually refers to the secure TLS protocol. If you talk to someone and they use the term “SSL”, be sure to correct them; we’re sure they will <em>definitely</em> appreciate it :)</p>
<section id="pre-requisites">
<h2>Pre-requisites<a class="headerlink" href="#pre-requisites" title="Link to this heading">¶</a></h2>
<p>Your server must have OpenSSL (or an equivalent fork) installed. Most commonly this is done through your OS’s package manager. Both the main package as well as the development headers must be installed. On a Debian/Ubuntu distro, this can be done by running:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">apt</span><span class="o">-</span><span class="n">get</span> <span class="n">install</span> <span class="n">openssl</span> <span class="n">libssl</span><span class="o">-</span><span class="n">dev</span>
</pre></div>
</div>
<p>where openssl provides the main package binaries and libssl-dev provides the development headers. Without these packages, TLS protection is not possible.</p>
<p>You can check if your Eggdrop properly detected the installation of OpenSSL by either reviewing the ./configure output for the following line:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">checking</span> <span class="k">for</span> <span class="n">openssl</span><span class="o">/</span><span class="n">ssl</span><span class="o">.</span><span class="n">h</span><span class="o">...</span> <span class="n">yes</span>
</pre></div>
</div>
<p>Or, for an Eggdrop that is already running, you can join the partyline and type:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="o">.</span><span class="n">status</span>
</pre></div>
</div>
<p>and look for:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">TLS</span> <span class="n">support</span> <span class="ow">is</span> <span class="n">enabled</span><span class="o">.</span>
</pre></div>
</div>
</section>
<section id="connecting-to-a-tls-enabled-irc-server">
<h2>Connecting to a TLS-enabled IRC server<a class="headerlink" href="#connecting-to-a-tls-enabled-irc-server" title="Link to this heading">¶</a></h2>
<p>Many, if not most, IRC servers offer connection ports that add TLS protection around the data. Eggdrop uses a ‘+’ symbol in front of the port to denote a port as a TLS-enabled port. To add a server in the config file that supports TLS, add it as normal but simply prefix the port with a ‘+’. For example, if irc.pretendNet.org says it offers TLS on port 7000, you would add it to your configuration file as:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">server</span> <span class="n">add</span> <span class="n">irc</span><span class="o">.</span><span class="n">pretendNet</span><span class="o">.</span><span class="n">org</span> <span class="o">+</span><span class="mi">7000</span>
</pre></div>
</div>
<p>No other action is necessary.</p>
</section>
<section id="protecting-botnet-communications">
<h2>Protecting Botnet Communications<a class="headerlink" href="#protecting-botnet-communications" title="Link to this heading">¶</a></h2>
<p>Eggdrop has the ability to protect botnet (direct bot to bot) communications with TLS.</p>
<section id="configuration-file-preparation-generating-keys">
<h3>Configuration File Preparation - Generating Keys<a class="headerlink" href="#configuration-file-preparation-generating-keys" title="Link to this heading">¶</a></h3>
<p>If an Eggdrop is going to listen for and accept connections on a TLS port (more on that in a moment), it must have a private key and certificate pair generated and configured. For most users, a self-signed certificate is sufficient for encryption. A certificate signed by a certificate authority would be more secure, but obtaining one is outside the scope of this tutorial; a signed keypair is configured no differently than a self-signed pair. To generate a self-signed key pair, enter the Eggdrop source directory (the directory you first compiled Eggdrop from, usually named eggdrop-X.Y.Z) and type:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">make</span> <span class="n">sslcert</span>
</pre></div>
</div>
<p>The wizard will walk you through generating a keypair and will, by default, install it to ~/eggdrop (the install location can be changed with “make sslcert DEST=/path/to/eggdrop/install”).</p>
<p>In your config file, uncomment the “ssl-privatekey” and “ssl-certificate” settings. Eggdrop will look in the directory it is running from (~/eggdrop by default) for the files listed; add an absolute path if you installed them outside of Eggdrop’s directory.</p>
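<p>A pre-flight check for the generated pair, as an added example that is not part of the Eggdrop documentation or source: it confirms that the private key belongs to the certificate, that the certificate is not about to expire, and that the key file is not readable by other users. The helper name check_tls_pair and the 30-day default threshold are assumptions of this example; it relies only on the standard openssl command line.</p>

```shell
#!/bin/sh
# Added example (not Eggdrop code): sanity-check the files that
# ssl-privatekey and ssl-certificate will point at.
# Assumes an unencrypted PEM private key and the openssl CLI.

# Print the public key (PEM) held in a private key or a certificate.
pubkey_of() {
    case "$1" in
        key)  openssl pkey -in "$2" -pubout 2>/dev/null ;;
        cert) openssl x509 -in "$2" -noout -pubkey 2>/dev/null ;;
    esac
}

# check_tls_pair KEY CERT [DAYS]  (hypothetical helper name)
# Returns 0 and prints "ok", or a non-zero code naming the first problem.
check_tls_pair() {
    key=$1 cert=$2 days=${3:-30}
    [ -r "$key" ] && [ -r "$cert" ] || { echo "missing file"; return 2; }

    kpub=$(pubkey_of key "$key")
    cpub=$(pubkey_of cert "$cert")
    [ -n "$kpub" ] && [ -n "$cpub" ] || { echo "unparseable PEM"; return 2; }

    # A key that does not belong to the certificate is unusable for TLS.
    [ "$kpub" = "$cpub" ] || { echo "key does not match certificate"; return 3; }

    # -checkend exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$cert" -noout -checkend $((days * 86400)) >/dev/null ||
        { echo "certificate expires within $days days"; return 4; }

    # The private key should be readable by the bot's user only.
    mode=$(stat -c %a "$key" 2>/dev/null || stat -f %Lp "$key")
    case "$mode" in
        *00) ;;
        *) echo "key mode $mode is readable by group/others"; return 5 ;;
    esac
    echo ok
}

# Stand-alone use: sh check_tls_pair.sh KEY CERT [DAYS]
if [ "$#" -ge 2 ]; then
    check_tls_pair "$@"
fi
```

<p>Pass the same paths you set for “ssl-privatekey” and “ssl-certificate”; a non-zero exit status identifies the first check that failed.</p>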
</section>
<section id="configuration-file-preparation-listening-with-tls">
<h3>Configuration File Preparation - Listening with TLS<a class="headerlink" href="#configuration-file-preparation-listening-with-tls" title="Link to this heading">¶</a></h3>
<p>Now you need to tell Eggdrop to accept TLS connections. As an example, to listen with TLS on port 5555 on all available IPs, add to the config file:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">listen</span> <span class="o">+</span><span class="mi">5555</span> <span class="nb">all</span>
</pre></div>
</div>
<p>(There are numerous ways to format the listen command; read the config file and documentation for other alternatives.)</p>
</section>
<section id="connecting-to-an-eggdrop-listening-with-tls">
<h3>Connecting to an Eggdrop listening with TLS<a class="headerlink" href="#connecting-to-an-eggdrop-listening-with-tls" title="Link to this heading">¶</a></h3>
<p>To connect to a bot listening with TLS, prefix the port number with a ‘+’. For example:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="o">.+</span><span class="n">bot</span> <span class="n">HubBot</span> <span class="mf">1.2.3.4</span> <span class="o">+</span><span class="mi">5555</span>
</pre></div>
</div>
<p>will use TLS to connect to 1.2.3.4 on port 5555 the next time a connection is attempted to HubBot.</p>
</section>
</section>
<section id="additional-information">
<h2>Additional Information<a class="headerlink" href="#additional-information" title="Link to this heading">¶</a></h2>
<p>For additional information and a more thorough explanation of Eggdrop’s TLS implementation, please read the <a class="reference external" href="https://docs.egheads.org/using/tls.html">TLS docs</a>.</p>
</section>
</section>
<div class="clearer"></div>
</div>
</div>
</div>
</div>
<div class="clearer"></div>
</div>
</div>
<div class="footer-wrapper">
<div class="footer">
<div class="left">
<div role="navigation" aria-label="related navigaton">
<a href="firststeps.html" title="Common First Steps"
>previous</a> |
<a href="userfilesharing.html" title="Sharing Userfiles"
>next</a>
</div>
<div role="note" aria-label="source link">
</div>
</div>
<div class="right">
<div class="footer" role="contentinfo">
© Copyright 2025, Eggheads.
Last updated on Aug 15, 2025.
Created using <a href="https://www.sphinx-doc.org/">Sphinx</a> 8.2.3.
</div>
</div>
<div class="clearer"></div>
</div>
</div>
</body>
</html>