SSL operates at the browser level. However, since chat does not involve the browser, a separate encryption protocol is used between the chat server and the Java client. The Java client is served a seed from the secure Web server. The seed, created using WebMaster's certified and tested random number generator, is used to key a 56- or 128-bit symmetric cipher. The cipher, Blowfish, is one of the most widely used and trusted encryption products available.
Whenever you're in a secure channel, a lock icon appears next to the channel name. All clients that you private message also see this icon, which indicates that encryption is in effect, along with a designator that specifies the level in use (56 or 128 bits). This system allows you to know that all participants in a channel (or those with whom you're in direct communication) are using encrypted clients.
The server-to-server linking protocol has also been modified to allow servers to link together with encryption, guaranteeing end-to-end security in multi-server installations. This means that you can now create a secure private chat network among servers at different locations.
The standard ports that will be enabled are port 443 for the web server and port 994 for the chat server. Both of these values can be changed. A restart is needed if you change the ports on the server. Enabling SSL on the chat server and the web server takes two commands:
/as general ssl enable
/as web ssl enable
If you want to allow only SSL connections to the server, use the following command:
/as general set secureonly on
If you want to mandate the use of SSL for all servers that connect to your server or any remote server, issue the following command:
/as general set securenetwork on
Connecting to the server requires that you use https rather than http. The themes have all been modified to work with encryption and all you need to do is make the SSL connection from a browser to the server.
https://<yourserver:port>
If you use port 443 then you don't need to designate a port.
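One way to confirm the result of the commands above, as an added example that is not part of the original manual: a Python probe that attempts a TLS handshake on the web and chat ports and reports the negotiated protocol and cipher. It assumes both ports accept TLS directly on connect; the host name is a placeholder, and certificate validation is deliberately skipped because only the listener's behaviour is being checked.

```python
import socket
import ssl

# Port numbers are the defaults named in the manual; adjust if you changed them.
DEFAULT_PORTS = {"web": 443, "chat": 994}


def probe_tls(host, port, timeout=3.0):
    """Attempt a TLS handshake and classify the listener.

    Returns a dict whose 'status' is 'tls', 'no_tls' or 'unreachable'.
    The certificate is not validated: this checks that encryption is
    switched on, not that the certificate is trustworthy.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return {"port": port, "status": "unreachable", "detail": str(exc)}
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            name, _, bits = tls.cipher()
            return {"port": port, "status": "tls", "protocol": tls.version(),
                    "cipher": name, "bits": bits}
    except (ssl.SSLError, OSError) as exc:
        # Either a plain-text listener, or the server and this machine
        # share no TLS version; 'detail' tells the two apart.
        raw.close()
        return {"port": port, "status": "no_tls", "detail": str(exc)}


def audit(host, ports=DEFAULT_PORTS, timeout=3.0):
    """Probe every named port and return {name: result}."""
    return {name: probe_tls(host, p, timeout) for name, p in ports.items()}


if __name__ == "__main__":
    # Placeholder host name (assumption); replace with your own server.
    for name, result in audit("chat.example.invalid").items():
        print(name, result)
```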