Providing TLS for Ngircd


Before you can enable TLS for ngircd, you must first have a properly-signed SSL cert.

Check to see if you have the following two files:


You will, of course, need to replace with your actual hostname.

Copying the cert and key

We'll need to copy the cert and key into /etc/ngircd/

$ doas cp /etc/ssl/ /etc/ngircd/
$ doas cp /etc/ssl/private/ /etc/ngircd/

In /etc/ngircd/ngircd.conf, change the following lines in the [SSL] block:

        # SSL Server Key Certificate
        CertFile = /etc/ngircd/
        # SSL Server Key
        KeyFile = /etc/ngircd/
        # Additional Listen Ports that expect SSL/TLS encrypted connections
        Ports = 6697, 9999, 16697

Optional: If you want to have a DHFile,

$ doas openssl dhparam -out /etc/ngircd/dhparams.pem 2048
$ doas chown _ngircd:_ngircd /etc/ngircd/dhparams.pem

Then, uncomment DHFile = /etc/ngircd/dhparams.pem in /etc/ngircd/ngircd.conf.