29 May
2010
29 May
'10
5:25 p.m.
And one other thing... On Sat, May 29, 2010 at 7:26 PM, Jason Hill <secrtagnt@gmail.com> wrote:
An easy example of IRC over SSL being "broken", most web irc clients allow SSL connections to IRC servers over HTTP. The ircd has no idea traffic is really going over unencrypted HTTP and thus would allow you to join an SSL-only channel. BNCs are another example.
Most of those web irc clients are java applets. They connect from your machine, not via the web server. There is no unencrypted http relaying of content there. -Aaron