Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  newsreader  groups  login

Message-ID:  

You scratch my tape, and I'll scratch yours.


computers / rocksolid.nodes.help / Re: novabbs SSL connection failure

SubjectAuthor
* novabbs SSL connection failureG.K.
`* novabbs SSL connection failureMarco Moock
 `* novabbs SSL connection failureRetro Guy
  `- novabbs SSL connection failureRetro Guy

1
novabbs SSL connection failure

<trv1su$2687$1@news.cyber23.de>

 copy mid

https://novabbs.com/computers/article-flat.php?id=212&group=rocksolid.nodes.help#212

 copy link   Newsgroups: rocksolid.nodes.help
Path: i2pn2.org!i2pn.org!usenet.blueworldhosting.com!feed1.usenet.blueworldhosting.com!1.us.feeder.erje.net!feeder.erje.net!news.quux.org!news.cyber23.de!.POSTED!not-for-mail
From: g...@k.invalid (G.K.)
Newsgroups: rocksolid.nodes.help
Subject: novabbs SSL connection failure
Date: Tue, 7 Feb 2023 20:39:30 -0600
Organization: Cyber23 news
Message-ID: <trv1su$2687$1@news.cyber23.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Wed, 8 Feb 2023 02:37:19 -0000 (UTC)
Injection-Info: news.cyber23.de;
logging-data="71943"; mail-complaints-to="abuse@cyber23.de"
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
Thunderbird/102.6.0
Content-Language: en-US
 by: G.K. - Wed, 8 Feb 2023 02:39 UTC

When trying to connect to news.novabbs.org using SSL via Thunderbird the
connection fails. Connect also fails with telnet-ssl.

$ telnet-ssl news.novabbs.org 563
telnet: Unable to connect to remote host: Connection refused

What should I do to get this working?

-- G.K.

Re: novabbs SSL connection failure

<trvj0v$2g5i$6@dont-email.me>

 copy mid

https://novabbs.com/computers/article-flat.php?id=214&group=rocksolid.nodes.help#214

 copy link   Newsgroups: rocksolid.nodes.help
Path: i2pn2.org!i2pn.org!eternal-september.org!reader01.eternal-september.org!.POSTED!not-for-mail
From: mo0...@posteo.de (Marco Moock)
Newsgroups: rocksolid.nodes.help
Subject: Re: novabbs SSL connection failure
Date: Wed, 8 Feb 2023 08:29:35 +0100
Organization: A noiseless patient Spider
Lines: 10
Message-ID: <trvj0v$2g5i$6@dont-email.me>
References: <trv1su$2687$1@news.cyber23.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Injection-Date: Wed, 8 Feb 2023 07:29:35 -0000 (UTC)
Injection-Info: reader01.eternal-september.org; posting-host="cd61903aba6946f0f8232c80e1aea5e3";
logging-data="82098"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX192/iFWz05ceCPj98pANp3J"
Cancel-Lock: sha1:23WmXpjSVbQHauSI8Ah45b/B6Jk=
 by: Marco Moock - Wed, 8 Feb 2023 07:29 UTC

Am 07.02.2023 um 20:39:30 Uhr schrieb G.K.:

> When trying to connect to news.novabbs.org using SSL via Thunderbird
> the connection fails. Connect also fails with telnet-ssl.

See my other post:

They didn't configured the service well for IPv6, so they need to fix
it.

Re: novabbs SSL connection failure

<8196aafeec5ea9ccd0f1740f8e70a1fb@news.novabbs.org>

 copy mid

https://novabbs.com/computers/article-flat.php?id=215&group=rocksolid.nodes.help#215

 copy link   Newsgroups: rocksolid.nodes.help
Path: i2pn2.org!.POSTED.novabbs-org!not-for-mail
From: retro....@rocksolidbbs.com (Retro Guy)
Newsgroups: rocksolid.nodes.help
Subject: Re: novabbs SSL connection failure
Date: Mon, 20 Feb 2023 18:45:24 +0000
Organization: Rocksolid Light
Message-ID: <8196aafeec5ea9ccd0f1740f8e70a1fb@news.novabbs.org>
References: <trv1su$2687$1@news.cyber23.de> <trvj0v$2g5i$6@dont-email.me>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Info: i2pn2.i2pn2.org; posting-account="novabbs.org"; posting-host="novabbs-org:10.136.143.187";
logging-data="31063"; mail-complaints-to="usenet@i2pn2.org"
User-Agent: Rocksolid Light 0.7.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on novabbs.org
X-Rslight-Site: $2y$10$XQbzIDwprkkD6H4GVSHF5.Ih.HoFpfCIH0PB.P0btFGyVJLZEkMfy
X-Rslight-Posting-User: 91053d4a47d51b416144568e5a1040f05e31ed1b
X-Face: .&YR-G(w(DZ$$,}%k=]*5*!p'=(anr"IT`wZG'2VWdfl\r)l[42u7JH`n(JUQ*e5*A|XCDf
?&\X&uwkl38"CYX3O8m}C8E4p'%N$2#kSTVzx{Ly|DjLT\Vk7NE}NQ(VC$Yq]i:7|z[.9iv^g>*8_B
H0=hZt'[%)4kG|
 by: Retro Guy - Mon, 20 Feb 2023 18:45 UTC

Marco Moock wrote:

> Am 07.02.2023 um 20:39:30 Uhr schrieb G.K.:

>> When trying to connect to news.novabbs.org using SSL via Thunderbird
>> the connection fails. Connect also fails with telnet-ssl.

> See my other post:

> They didn't configured the service well for IPv6, so they need to fix
> it.

I assume it works ok IPV4. I will check IPV6 setup in a while and see if
I can get it working properly.

BTW, 563 is an INN2 server and 8563 is a rslight server.

The rslight server does not automatically notice updated cert so I'll fix
that when I can.

--
Retro Guy

Re: novabbs SSL connection failure

<20230321132000.4168c646f1ea67713e6f8bc4@novabbs.com>

 copy mid

https://novabbs.com/computers/article-flat.php?id=245&group=rocksolid.nodes.help#245

 copy link   Newsgroups: rocksolid.nodes.help
Path: i2pn2.org!rocksolid2!.POSTED.2600:8800:3600:1344:baca:3aff:fe7c:dafa!not-for-mail
From: retro...@novabbs.com (Retro Guy)
Newsgroups: rocksolid.nodes.help
Subject: Re: novabbs SSL connection failure
Date: Tue, 21 Mar 2023 13:20:00 -0700
Organization: rocksolid2 (novabbs.org)
Message-ID: <20230321132000.4168c646f1ea67713e6f8bc4@novabbs.com>
References: <trv1su$2687$1@news.cyber23.de>
<trvj0v$2g5i$6@dont-email.me>
<8196aafeec5ea9ccd0f1740f8e70a1fb@news.novabbs.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Injection-Info: novabbs.org; posting-account="retro guy"; posting-host="2600:8800:3600:1344:baca:3aff:fe7c:dafa";
logging-data="6937"; mail-complaints-to="usenet@novabbs.org"
X-Newsreader: Sylpheed 3.7.0 (GTK+ 2.24.33; x86_64-pc-linux-gnu)
 by: Retro Guy - Tue, 21 Mar 2023 20:20 UTC

On Mon, 20 Feb 2023 18:45:24 +0000
retro.guy@rocksolidbbs.com (Retro Guy) wrote:

> Marco Moock wrote:
>
> > Am 07.02.2023 um 20:39:30 Uhr schrieb G.K.:
>
> >> When trying to connect to news.novabbs.org using SSL via Thunderbird
> >> the connection fails. Connect also fails with telnet-ssl.
>
> > See my other post:
>
> > They didn't configured the service well for IPv6, so they need to fix
> > it.
>
> I assume it works ok IPV4. I will check IPV6 setup in a while and see if
> I can get it working properly.

I have configured ipv6 for news.novabbs.org and it seems the rslight NNTP
server is working fine with it in Thuderbird (posting with it now), etc.
The INN2 server does NOT work with Thuderbird, but works fine with Sylpheed.

Here is the result of an openssl test to the INN2 server:
$ openssl s_client -connect news.novabbs.org:563
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = news.novabbs.org
verify return:1
---
Certificate chain
0 s:CN = news.novabbs.org
i:C = US, O = Let's Encrypt, CN = R3
1 s:C = US, O = Let's Encrypt, CN = R3
i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
i:O = Digital Signature Trust Co., CN = DST Root CA X3
3 s:O = Digital Signature Trust Co., CN = DST Root CA X3
i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISBH/gscyfgU9JRUJVu7XGwIzVMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMzAxMjEwNDA2MjlaFw0yMzA0MjEwNDA2MjhaMBsxGTAXBgNVBAMT
EG5ld3Mubm92YWJicy5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDcjPhFLYZHidhvExll02VNhcLUo5cxXY5mdSxrB89UGqST0EBMcoxHyRGLMPHd
y4E+Qf2U9d4OPcNgxww9eeavIDX0ebs2rllZcoIG7wuYE1Lr26BEWeFMf2fq2AiC
yChkHP+OwJgc4RHPSPc2UloCQh1LkSDSK238hJOxCOujpPztgVUtEOe2l/sFnEiN
crp5cr/TODn0O/h0lC3pNDnUeKLsS8umhXX69G1gbYVQYovHnm2YqJYUUC7a7cJ6
Kz0O8qxlQwCSEVajyw+cHAVRFXQc08l+uoV/omcDUPKtl9gBUhZUPeS6wg9fILVT
jOsIUCEGH/4TQ9wVQ+qukddNAgMBAAGjggJKMIICRjAOBgNVHQ8BAf8EBAMCBaAw
HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYD
VR0OBBYEFA+i0/klGn4K02MN7AOQFiS6dUr+MB8GA1UdIwQYMBaAFBQusxe3WFbL
rlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDov
L3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5v
cmcvMBsGA1UdEQQUMBKCEG5ld3Mubm92YWJicy5vcmcwTAYDVR0gBEUwQzAIBgZn
gQwBAgEwNwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5s
ZXRzZW5jcnlwdC5vcmcwggEDBgorBgEEAdZ5AgQCBIH0BIHxAO8AdQB6MoxU2Lct
tiDqOOBSHumEFnAyE4VNO9IrwTpXo1LrUgAAAYXSuJRYAAAEAwBGMEQCIAvPT7B1
YgAVBQcO19mMstITYdDRMSekOi4Dmfngl6jeAiA89vpz+c+Ai/wTkfTt5/FiE4mI
woPvVr7YwPVexieIAAB2AOg+0No+9QY1MudXKLyJa8kD08vREWvs62nhd31tBr1u
AAABhdK4lGQAAAQDAEcwRQIgQGpKfNdXLEOlczbcTjkxQZubmVRhtmg9eSInsFKp
RmwCIQDKlF40ERUpdxc//bOh6bppFcb/hPISW6pcp6sos4IX3jANBgkqhkiG9w0B
AQsFAAOCAQEARKaUzwnxrd/oZvqE5IXRo9nCDeP+sNvyT/QDJ/EG6GQIiN3hBDSc
80hm61DlyuYBzeOkpCxAuqtHCBfOEcRs5v+LBWPaPn15yw+QIlV9EcEXY1tZavF0
3PCdEys8Ow3ThuWICMC5IvYCQxTROFlX3MV0KnApFcUZbJbMuUCz2mZQL0fo+HEa
/OynjZtvB/73qKXVBX5/IN8z9SnaFMn2OiOLKdSZa5cA7gexZq4+d5Qs+n/pIRf5
18atrqHFdKO+O6kkabQReOzCba3yurhUmorRuNAUwIiRiZ39s6lzmnRDZxNhlKX2
R42+S6Vm3kT+BhTwjyC7SNMZwX4KLrGwKw==
-----END CERTIFICATE-----
subject=CN = news.novabbs.org

issuer=C = US, O = Let's Encrypt, CN = R3

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 5424 bytes and written 388 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 4D5D18F3BA5885C47FD1A07994A1652AC952FE55915CC95AF905DBBCE722AC7D
Session-ID-ctx:
Resumption PSK: 8010092AFE8BB17BDBCACF202DF2EE40BC0477114118E1192A992B49F97F3A121B59BBB9F6999D03EF02E934CD933985
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 27 cd 78 8c 38 bc 4f 25-2b 60 8e 7e 8b 4a 77 24 '.x.8.O%+`.~.Jw$
0010 - 99 d8 7f 0f b0 c4 2b d7-2b e7 1f 71 8a 6e 24 d8 ......+.+..q.n$.
0020 - 26 0b 55 02 af 19 b8 e2-d2 71 03 94 28 8c 44 5c &.U......q..(.D\
0030 - 90 cb f8 a1 65 3f f1 ac-20 f6 cf 71 87 49 36 c2 ....e?.. ..q.I6.
0040 - 16 1b 50 09 7f 20 5e 20-a0 f9 48 26 60 a1 61 4b ..P.. ^ ..H&`.aK
0050 - 75 95 83 de c8 0e c6 9e-54 46 75 80 84 60 5d 8a u.......TFu..`].
0060 - fd 18 43 be 06 82 3d 12-79 d0 7b 00 f9 52 16 72 ..C...=.y.{..R.r
0070 - d8 c0 d0 00 ba 23 16 64-b0 27 97 f3 68 70 a4 0f .....#.d.'..hp..
0080 - b1 4a 15 48 b9 04 52 9c-29 36 65 91 24 bd ba 6e .J.H..R.)6e.$..n
0090 - 52 32 8c b9 de e9 89 b6-62 8a 52 65 16 d7 14 57 R2......b.Re...W
00a0 - cd 23 28 17 c4 92 d8 fe-60 8e b8 83 ce ea 83 30 .#(.....`......0
00b0 - eb fa f2 16 c5 17 ed ad-ab d1 de 9c 06 f8 3f ee ..............?.

Start Time: 1679429307
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 2F9C8E528AB03C56E6F3ACAE94A6B10D26229ACDF619853337EDCF475E181837
Session-ID-ctx:
Resumption PSK: 8FD6E8D9FA24AF5EF29E5217F8924E0D3124B12D67900924A0F635640D247FFDB892011F32CD9194293326D5F155C800
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 27 cd 78 8c 38 bc 4f 25-2b 60 8e 7e 8b 4a 77 24 '.x.8.O%+`.~.Jw$
0010 - e2 66 0f 65 4e 27 33 a3-31 e4 25 6c 54 63 1b 09 .f.eN'3.1.%lTc..
0020 - 9f 9d 14 72 47 a6 0a 50-51 8c 07 5b ce b8 c0 8d ...rG..PQ..[....
0030 - 93 7e fc 5f d8 b4 15 80-e5 5a 5f 65 f9 f6 0c ff .~._.....Z_e....
0040 - de 3f a9 6e c1 b6 b3 b5-4c 5f ee f8 c3 04 48 70 .?.n....L_....Hp
0050 - 6a e9 8e c2 42 f4 c0 62-14 aa 44 72 06 e1 34 74 j...B..b..Dr..4t
0060 - 5c 2e 86 1b e0 48 03 39-7a 8a 81 aa 72 a6 7e ae \....H.9z...r.~.
0070 - c3 e6 94 0f f1 37 95 4a-bf a6 c5 c8 28 31 30 11 .....7.J....(10.
0080 - 14 44 5a c9 80 6e d7 7d-7c c8 54 4e 5a cc d6 ca .DZ..n.}|.TNZ...
0090 - ca 24 1d 56 97 9f 7c 9d-54 de 2c 5e f6 05 e6 94 .$.V..|.T.,^....
00a0 - 64 f4 7a 78 c8 03 3f dc-c1 2b 0a 0a fe b5 ec 64 d.zx..?..+.....d
00b0 - 92 a0 64 fe 01 93 aa 5e-ab b3 9c 40 02 fc 0d 09 ..d....^...@....

Start Time: 1679429307
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
200 rocksolid2 InterNetNews NNRP server INN 2.6.3 ready (no posting)
-----------------------------
This seems ok. Any thoughts on why Thuderbird isn't working with it?

> BTW, 563 is an INN2 server and 8563 is a rslight server.
>
> The rslight server does not automatically notice updated cert so I'll fix
> that when I can.

Keeping certs up to date is fixed in the latest commit.

--
Retro Guy <retroguy@novabbs.com>

1
server_pubkey.txt

rocksolid light 0.9.7
clearnet tor