InspIRCd v2 is coming to the end of its lifetime!

Fixes for security vulnerabilities will be provided until 2021-01-01 but after this date v2 will no longer be maintained.

InspIRCd v3 contains many new features including full support for all currently ratified IRCv3 extensions and WebSocket connections.

InspIRCd v3 installation instructions are available here and a list of breaking changes is available here.

The "ssl_gnutls" Module

This module depends on a third-party library (GnuTLS) and must be manually enabled at compile time.

Once you have installed the dependency you can enable this module using the following command:

./configure --enable-extras m_ssl_gnutls.cpp


This module allows TLS (SSL) encrypted connections using the GnuTLS library.


To load this module use the following <module> tag:

<module name="">


This module extends the core <bind> tags with the following keys:

| Name | Description |
|------|-------------|
| ssl | This MUST be set to "gnutls" to listen for secure connections with GnuTLS. |

Example Usage

Listens for GnuTLS encrypted IRC connections on the *:6697 endpoint:

<bind address="*" port="6697" type="clients" ssl="gnutls">

Listens for GnuTLS encrypted server connections on the *:7000 endpoint:

<bind address="*" port="7000" type="servers" ssl="gnutls">


The <gnutls> tag defines settings about how the ssl_gnutls module should behave. This tag can only be defined once.

| Name | Type | Default Value | Description |
|------|------|---------------|-------------|
| advertisedports | Text | None | Deprecated! If defined then a static value to use for the 005 SSL token instead of guessing based on the available listeners. |
| cafile | Text | conf/ca.pem | The path to the CA in PEM format. |
| certfile | Text | conf/cert.pem | The path to the certificate in PEM format. |
| crlfile | Text | conf/crl.pem | The path to the CRL in PEM format. |
| dhbits | Number | 1024 | The size of DH parameters to generate. |
| hash | Text | md5 | The hash algorithm used for SSL client fingerprints. |
| keyfile | Text | conf/key.pem | The path to the private key in PEM format. |
| priority | Text | NORMAL | A GnuTLS priority string. |
| showports | Boolean | Yes | Deprecated! Whether to show an IP/port that clients can connect securely on in the 005 message. |
| starttls | Boolean | Yes | Deprecated! Whether to enable support for the IRCv3 STARTTLS specification. |

The hash field should be set to one of the following values:

| Value | Description |
|-------|-------------|
| md5 | Generates fingerprints using the MD5 algorithm. |
| sha1 | Generates fingerprints using the SHA-1 algorithm. |
| sha256 | Generates fingerprints using the SHA-256 algorithm. Requires the ssl_gnutls module to be built with INSPIRCD_GNUTLS_ENABLE_SHA256_FINGERPRINT enabled. |

Example Usage
<gnutls advertisedports=""
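
An added example, not part of the InspIRCd documentation: a small Python check that reads a <gnutls> tag, applies the defaults from the table above, and reports deprecated keys and weak values. The 2048-bit DH floor, the treatment of md5 and sha1 as weak, and the sample configuration line are assumptions of this example.

```python
import re

# Defaults and deprecation flags taken from the <gnutls> table on this page.
DEFAULTS = {"dhbits": "1024", "hash": "md5"}
DEPRECATED = ("advertisedports", "showports", "starttls")
# Assumed audit policy, not from the page: adjust to your own baseline.
MIN_DHBITS = 2048
WEAK_HASHES = ("md5", "sha1")

TAG_RE = re.compile(r"<gnutls\b([^>]*)>", re.IGNORECASE)
ATTR_RE = re.compile(r'(\w+)\s*=\s*"([^"]*)"')


def audit_gnutls(config_text):
    """Return (key, message) findings for the <gnutls> tag in config_text."""
    findings = []
    tags = TAG_RE.findall(config_text)
    if len(tags) > 1:
        findings.append(("gnutls", "tag defined %d times; only one is allowed" % len(tags)))
    # Simplification: values containing '>' or escaped quotes are not handled.
    explicit = {k.lower(): v for k, v in ATTR_RE.findall(tags[0])} if tags else {}
    effective = dict(DEFAULTS, **explicit)  # unset keys fall back to defaults

    for key in DEPRECATED:
        if key in explicit:
            findings.append((key, "deprecated key is set"))

    source = "configured" if "dhbits" in explicit else "default"
    try:
        if int(effective["dhbits"]) < MIN_DHBITS:
            findings.append(("dhbits", "%s value %s is below %d"
                             % (source, effective["dhbits"], MIN_DHBITS)))
    except ValueError:
        findings.append(("dhbits", "not a number: %r" % effective["dhbits"]))

    digest = effective["hash"].lower()
    if digest in WEAK_HASHES:
        source = "configured" if "hash" in explicit else "default"
        findings.append(("hash", "%s fingerprint hash %s has known collision attacks"
                         % (source, digest)))
    return findings


# Constructed sample configuration line (not from the page).
SAMPLE = '<gnutls certfile="conf/cert.pem" hash="sha256" starttls="yes">'

if __name__ == "__main__":
    for key, message in audit_gnutls(SAMPLE):
        print("%-16s %s" % (key, message))
```
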

Client Capabilities

| Name | Description |
|------|-------------|
| tls | Allows plaintext connections to upgrade to SSL (TLS). |