Connecting using TLS
TLS client access is supported on all servers, on ports 6697 and 9999. We do not support SSLv2 or SSLv3 connections. Users connecting over TLS are given user mode +z and "is using a secure connection" will be shown when you /WHOIS them (numeric reply 671).
To ensure that your client can verify our server certificates, we suggest making sure your system has an up-to-date set of root CA certificates. For most clients, this should be sufficient; however, you can download the root certificate from LetsEncrypt, if not.
Our servers support SNI. For clients that support it, this means the server will offer the appropriate certificate regardless of whether you connect using irc.darenet.org or use the server's darenet.org hostname.
Client certificates are also supported, and may be used for authenticating to services. For more information, please see the CertFP guide. If you have connected with a client certificate, "has client certificate fingerprint [SHA-256_FINGERPRINT_HERE]" (numeric reply 276) will appear when you /WHOIS yourself.