Opened 6 years ago

Closed 4 years ago

#8066 closed defect (fixed)

usewithtor + irssi + ssl = "Socks version 22 not recognized"

Reported by: arma Owned by:
Priority: Medium Milestone:
Component: Core Tor/Torsocks Version:
Severity: Keywords:
Cc: ioerror, nickm Actual Points:
Parent ID: #3711 Points:
Reviewer: Sponsor:


Set up your ~/.irssi/config with

servers = (
    address = "";
    chatnet = "oftc";
    #port = "6667";
    port = "6697";
    use_ssl = "yes";
    # ssl_cert = "~/.irssi/certs/[NICK].pem";
    # ssl_verify = "yes";
    # ssl_cafile = "~/.irssi/certs/CAs.pem";
    autoconnect = "yes";

and then run

usewithtor irssi

Your Tor client will log something like

Jan 27 17:43:52.000 [warn] Socks version 22 not recognized. (Tor is not an http proxy.)
Jan 27 17:43:52.000 [warn] Fetching socks handshake failed. Closing.

and your irssi will complain with something like

18:06 -!- Irssi: Looking up
18:06 -!- Irssi: Connecting to [] port 6697
18:06 -!- Irssi: warning SSL handshake failed: Connection reset by peer
18:06 -!- Irssi: Connection lost to

What's happening behind the scenes is that your irssi is attempting a connect, getting an einprogress (presumably since it's non-blocking), sending the ssl handshake right then, and then later torsocks tries to inject the socks handshake. Oops.

setsockopt(4, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
setsockopt(4, SOL_SOCKET, SO_KEEPALIVE, [1], 4) = 0
getsockopt(4, SOL_SOCKET, SO_TYPE, [1], [4]) = 0
getpeername(4, 0x7fff04186010, [16])    = -1 ENOTCONN (Transport endpoint is not connected)
connect(4, {sa_family=AF_INET, sin_port=htons(9050), sin_addr=inet_addr("")}, 16) = -1 EINPROGRESS (Operation now in progress)
fstat(4, {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
fcntl(4, F_GETFL)                       = 0x802 (flags O_RDWR|O_NONBLOCK)
write(4, "\26\3\1\1;\1\0\0017\3\3Q\5\253\315\302\4\246F_\255\232\205\206h\24\345\351\310e'\r"..., 320) = 320
read(4, 0x19a9770, 7)                   = -1 EAGAIN (Resource temporarily unavailable)
sendto(4, "\4\1\32)\0\0\0\1arma\\0", 26, 0, NULL, 0) = 26
recvfrom(4, "", 8, 0, NULL, NULL)       = 0
close(4)                                = 0

Child Tickets

Change History (9)

comment:1 Changed 6 years ago by arma

<nickm> I have three guesses!
<nickm> Guess one: we see that the connect() has given us EINPROGRESS, but we
don't tell the application EINPROGRESS, so the application thinks it can
<nickm> Guess 2: we see EINPROGRESS and report EINPROGRESS, but the
application figures it can talk anyway because hey, maybe it will work!
<nickm> Guess 3: like guess 2 , but the application is actually allowed to do

comment:2 Changed 6 years ago by arma appears to be the same issue, in a different application.

comment:3 Changed 6 years ago by arma

Cc: ioerror added

comment:4 Changed 6 years ago by arma

Cc: nickm added

comment:5 Changed 6 years ago by sysrqb

I know we like to pick on irssi, but this may be less irssi and more the crypto lib it uses (openssl?), but I guess it doesn't make a huge difference. There was an open issue on google code[1] that we decided was invalid which involved irssi connecting to the freenode hidden service. This was not using ssl and the connection was successfully established.

Also, while I was looking for the above ticket, I came across [2] which may be relevant.


comment:6 Changed 6 years ago by lukash

do you guys have anything new on this? facing the same issue with no luck in finding what's really wrong :/

comment:7 Changed 6 years ago by arma

I continue to assume this is a torsocks bug, where it isn't intercepting / handling all the syscalls correctly in the case of nonblocking sockets.

comment:8 in reply to:  7 Changed 6 years ago by sysrqb

Parent ID: #3711

Replying to arma:

I continue to assume this is a torsocks bug, where it isn't intercepting / handling all the syscalls correctly in the case of nonblocking sockets.

I agree. This should be resolved once #3711 is merged. Solving this problem is just a side effect - but a good side effect. I'll leave this open until everything is merged and we're satisfied.

comment:9 Changed 4 years ago by dgoulet

Resolution: fixed
Status: newclosed

irssi + ssl works with torsocks 2.x so I'll close this one.

However, irssi + .onion don't work but that's a different issue.

Note: See TracTickets for help on using tickets.