diff options
Diffstat (limited to 'doc/en')
-rw-r--r-- | doc/en/weechat_faq.en.adoc | 30 | ||||
-rw-r--r-- | doc/en/weechat_quickstart.en.adoc | 2 | ||||
-rw-r--r-- | doc/en/weechat_relay_protocol.en.adoc | 2 | ||||
-rw-r--r-- | doc/en/weechat_user.en.adoc | 62 |
4 files changed, 48 insertions, 48 deletions
diff --git a/doc/en/weechat_faq.en.adoc b/doc/en/weechat_faq.en.adoc index e8f6588e4..44a093729 100644 --- a/doc/en/weechat_faq.en.adoc +++ b/doc/en/weechat_faq.en.adoc @@ -691,8 +691,8 @@ you have to use kbd:[Alt] instead of kbd:[Shift]). [[irc]] == IRC -[[irc_ssl_connection]] -=== I have some problems when connecting to a server using SSL, what can I do? +[[irc_tls_connection]] +=== I have some problems when connecting to a server using TLS, what can I do? If you are using macOS, you must install `openssl` from Homebrew. A CA file will be bootstrapped using certificates from the system keychain. @@ -701,43 +701,43 @@ If you see errors about gnutls handshake, you can try to use a smaller Diffie-Hellman key (default is 2048): ---- -/set irc.server.example.ssl_dhkey_size 1024 +/set irc.server.example.tls_dhkey_size 1024 ---- -If you see errors about certificate, you can disable "ssl_verify" (be careful, +If you see errors about certificate, you can disable "tls_verify" (be careful, connection will be less secure by doing that): ---- -/set irc.server.example.ssl_verify off +/set irc.server.example.tls_verify off ---- If the server has an invalid certificate and you know what the certificate should be, you can specify the fingerprint (SHA-512, SHA-256 or SHA-1): ---- -/set irc.server.example.ssl_fingerprint 0c06e399d3c3597511dc8550848bfd2a502f0ce19883b728b73f6b7e8604243b +/set irc.server.example.tls_fingerprint 0c06e399d3c3597511dc8550848bfd2a502f0ce19883b728b73f6b7e8604243b ---- -[[irc_ssl_handshake_error]] -=== When connecting to server with SSL, I only see the error "TLS handshake failed", what can I do? +[[irc_tls_handshake_error]] +=== When connecting to server with TLS, I only see the error "TLS handshake failed", what can I do? You can try a different priority string, replace "xxx" by your server name: ---- -/set irc.server.xxx.ssl_priorities "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:%COMPAT" +/set irc.server.xxx.tls_priorities "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:%COMPAT" ---- -[[irc_ssl_libera]] -=== How can I connect to libera server using SSL? +[[irc_tls_libera]] +=== How can I connect to libera server using TLS? Check that you have certificates installed on your system, this is commonly provided by the package "ca-certificates". -Setup server port, SSL, then connect: +Setup server port, TLS, then connect: ---- /set irc.server.libera.addresses "irc.libera.chat/6697" -/set irc.server.libera.ssl on +/set irc.server.libera.tls on /connect libera ---- @@ -1003,7 +1003,7 @@ Scripts are not compatible with other IRC clients. [[scripts_update]] === The command "/script update" can not read scripts, how to fix that? -First check questions about SSL connection in this FAQ. +First check questions about TLS connection in this FAQ. If still not working, try to manually delete the scripts file (in your shell): @@ -1087,7 +1087,7 @@ You can try following tips to consume less memory: fifo, logger, perl, python, ruby, lua, tcl, guile, javascript, php, spell, xfer (used for DCC). See `/help weechat.plugin.autoload`. * Load only scripts that you really need. -* Do not load system certificates if SSL is *NOT* used: turn off this option: +* Do not load system certificates if TLS is *NOT* used: turn off this option: _weechat.network.gnutls_ca_system_. * Reduce value of option _weechat.history.max_buffer_lines_number_ or set value of option _weechat.history.max_buffer_lines_minutes_. diff --git a/doc/en/weechat_quickstart.en.adoc b/doc/en/weechat_quickstart.en.adoc index 3ed617276..cf03e39e3 100644 --- a/doc/en/weechat_quickstart.en.adoc +++ b/doc/en/weechat_quickstart.en.adoc @@ -105,7 +105,7 @@ other plugins in the list. You can add an IRC server with the `/server` command, for example: ---- -/server add libera irc.libera.chat/6697 -ssl +/server add libera irc.libera.chat/6697 -tls ---- In this command, `libera` is the internal server name used by WeeChat: diff --git a/doc/en/weechat_relay_protocol.en.adoc b/doc/en/weechat_relay_protocol.en.adoc index 2724b2f2a..13e192b9c 100644 --- a/doc/en/weechat_relay_protocol.en.adoc +++ b/doc/en/weechat_relay_protocol.en.adoc @@ -2317,7 +2317,7 @@ will change). [NOTE] During WeeChat upgrade, the socket remains opened (except if connection uses -SSL). +TLS). [[message_upgrade_ended]] ==== _upgrade_ended diff --git a/doc/en/weechat_user.en.adoc b/doc/en/weechat_user.en.adoc index d04104f2b..7ef9e573f 100644 --- a/doc/en/weechat_user.en.adoc +++ b/doc/en/weechat_user.en.adoc @@ -27,7 +27,7 @@ light, designed for many operating systems. Main features are: * multi-protocols (mainly IRC) -* multi-servers connection (with SSL, IPv6, proxy) +* multi-servers connection (with TLS, IPv6, proxy) * small, fast and light * customizable and extensible with plugins and scripts * compliant with IRC RFCs @@ -159,7 +159,7 @@ WeeChat: | Package ^(1)^ | Version | Features | {cpp} compiler (pass:[g++ / clang++]) | | Build and run tests, JavaScript plugin. | gettext | | Internationalization (translation of messages; base language is English). -| ca-certificates | | Certificates for SSL connections. +| ca-certificates | | Certificates for TLS connections. | libaspell-dev / libenchant-dev | | Spell plugin. | python3-dev | ≥ 3.0 | Python plugin. | libperl-dev | | Perl plugin. @@ -729,10 +729,10 @@ This can be done while WeeChat is running. === Upgrade command WeeChat can restart the new binary, in place, using the -<<command_weechat_upgrade,/upgrade>> command: the buffer contents and non-SSL +<<command_weechat_upgrade,/upgrade>> command: the buffer contents and non-TLS connections are preserved. + -The SSL connections are lost during upgrade and are restored automatically -after the upgrade (reload of SSL sessions is currently not possible +The TLS connections are lost during upgrade and are restored automatically +after the upgrade (reload of TLS sessions is currently not possible with GnuTLS). The command can also be used if you have to restart the machine, for example @@ -3158,7 +3158,7 @@ Sections in file _weechat.conf_: | history | /set weechat.history.* | History options (commands and buffers). | proxy | <<command_weechat_proxy,/proxy>> + /set weechat.proxy.* | Proxy options. -| network | /set weechat.network.* | Network/SSL options. +| network | /set weechat.network.* | Network/TLS options. | plugin | /set weechat.plugin.* | Options on plugins. | signal | /set weechat.signal.* | Options on signals. | bar | <<command_weechat_bar,/bar>> + @@ -3210,10 +3210,10 @@ By default no servers are defined. You can add as many servers as you want with the <<command_irc_server,/server>> command. For example to connect to https://libera.chat/[libera.chat ^↗^,window=_blank] -with SSL (encrypted trafic): +with TLS (encrypted trafic): ---- -/server add libera irc.libera.chat/6697 -ssl +/server add libera irc.libera.chat/6697 -tls ---- You can tell WeeChat to auto-connect to this server on startup: @@ -3292,13 +3292,13 @@ irc.server.libera.sasl_password string "${sec.data.libera}" irc.server.libera.sasl_timeout integer null -> 15 irc.server.libera.sasl_username string "alice" irc.server.libera.split_msg_max_length integer null -> 512 -irc.server.libera.ssl boolean on -irc.server.libera.ssl_cert string null -> "" -irc.server.libera.ssl_dhkey_size integer null -> 2048 -irc.server.libera.ssl_fingerprint string null -> "" -irc.server.libera.ssl_password string null -> "" -irc.server.libera.ssl_priorities string null -> "NORMAL:-VERS-SSL3.0" -irc.server.libera.ssl_verify boolean null -> on +irc.server.libera.tls boolean on +irc.server.libera.tls_cert string null -> "" +irc.server.libera.tls_dhkey_size integer null -> 2048 +irc.server.libera.tls_fingerprint string null -> "" +irc.server.libera.tls_password string null -> "" +irc.server.libera.tls_priorities string null -> "NORMAL:-VERS-SSL3.0" +irc.server.libera.tls_verify boolean null -> on irc.server.libera.usermode string null -> "" irc.server.libera.username string null -> "alice" .... @@ -3317,13 +3317,13 @@ value, which is now `on` instead of the default value `off`: /unset irc.server.libera.autoconnect ---- -[[irc_ssl_certificates]] -==== SSL certificates +[[irc_tls_certificates]] +==== TLS certificates -When connecting to IRC server with SSL, WeeChat checks by default that the +When connecting to IRC server with TLS, WeeChat checks by default that the connection is fully trusted. -Some options are used to control SSL connection: +Some options are used to control TLS connection: weechat.network.gnutls_ca_system:: load system's default trusted certificate authorities on startup @@ -3331,19 +3331,19 @@ weechat.network.gnutls_ca_system:: weechat.network.gnutls_ca_user:: extra file(s) with certificate authorities -irc.server.xxx.ssl_cert:: - SSL certificate file used to automatically identify your nick (for example +irc.server.xxx.tls_cert:: + TLS certificate file used to automatically identify your nick (for example CertFP on oftc, see below) -irc.server.xxx.ssl_dhkey_size:: +irc.server.xxx.tls_dhkey_size:: size of the key used during the Diffie-Hellman Key Exchange (by default: 2048) -irc.server.xxx.ssl_verify:: - check that the SSL connection is fully trusted (on by default) +irc.server.xxx.tls_verify:: + check that the TLS connection is fully trusted (on by default) [NOTE] -Option "ssl_verify" is on by default, so verification is strict and may fail, +Option "tls_verify" is on by default, so verification is strict and may fail, even if it was OK with versions prior to 0.3.1. [[irc_connect_oftc_with_certificate]] @@ -3352,8 +3352,8 @@ even if it was OK with versions prior to 0.3.1. * Import certificate in shell: ---- -$ mkdir -p ~/.config/weechat/ssl -$ wget -O ~/.config/weechat/ssl/CAs.pem https://www.spi-inc.org/ca/spi-cacert.crt +$ mkdir -p ~/.config/weechat/tls +$ wget -O ~/.config/weechat/tls/CAs.pem https://www.spi-inc.org/ca/spi-cacert.crt ---- [NOTE] @@ -3375,8 +3375,8 @@ It is possible to concatenate many certificates in file CAs.pem. * Create certificate in shell: ---- -$ mkdir -p ~/.config/weechat/ssl -$ cd ~/.config/weechat/ssl +$ mkdir -p ~/.config/weechat/tls +$ cd ~/.config/weechat/tls $ openssl req -nodes -newkey rsa:2048 -keyout nick.pem -x509 -days 365 -out nick.pem ---- @@ -3387,7 +3387,7 @@ which can also be for example `~/.weechat`. * In WeeChat, with "oftc" server already added: ---- -/set irc.server.oftc.ssl_cert "${weechat_config_dir}/ssl/nick.pem" +/set irc.server.oftc.tls_cert "${weechat_config_dir}/tls/nick.pem" /connect oftc /msg nickserv cert add ---- @@ -3675,7 +3675,7 @@ WeeChat supports SASL authentication, using different mechanisms: * _scram-sha-256_: SCRAM with SHA-256 digest algorithm * _scram-sha-512_: SCRAM with SHA-512 digest algorithm * _ecdsa-nist256p-challenge_: challenge with public/private key -* _external_: client side SSL cert +* _external_: client side TLS cert Options in servers are: |