1. Forum
  2. Usenet
  3. NEWS.SOFTWARE.NNTP

  • Re: Abemus Usenet News [testing]

    From Gabx@21:1/5 to Nomen Nescio on Tue Apr 1 00:00:57 2025
    XPost: alt.privacy.anon-server, news.admin.peering

    Nomen Nescio wrote:
    200 news.tcpreset.net InterNetNews NNRP server INN 2.6.4 ready (posting
    ok)
    closed


    A configured client seems to connect, no server group list downloads, just sits there no errors.

    Also, if you telnet to news.tcpreset.net 119, you get this error.

    400 Encrypted TLS connection failed

    Connection to host lost.

    Thanks for doing this!


    nnrpd with ssl/tls on port 563 requires a separate configuration and
    a separate process.
    Which I haven't done, yet.
    It's late, I'm at work tomorrow morning and it's not an IT job.

    Port 563 with TLS will be done tomorrow afternoon, Paris time.

    Bonne nuit
    Best regards

    Gabx

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Nomen Nescio@21:1/5 to All on Tue Apr 1 04:33:13 2025
    XPost: alt.privacy.anon-server, news.admin.peering

    On 31 Mar 2025, Gabx <info@tcpreset.invalid> posted some news:vsf3av$25ohg$1@news.tcpreset.net:

    Nomen Nescio wrote:
    200 news.tcpreset.net InterNetNews NNRP server INN 2.6.4 ready
    (posting ok)
    closed


    A configured client seems to connect, no server group list downloads,
    just sits there no errors.

    Also, if you telnet to news.tcpreset.net 119, you get this error.

    400 Encrypted TLS connection failed

    Connection to host lost.

    Thanks for doing this!


    nnrpd with ssl/tls on port 563 requires a separate configuration and
    a separate process.
    Which I haven't done, yet.
    It's late, I'm at work tomorrow morning and it's not an IT job.

    Port 563 with TLS will be done tomorrow afternoon, Paris time.

    Bonne nuit
    Best regards

    I got it working. It was my fault. I run my connections through stunnel
    and accidently duped a listening port.

    Thanks again!

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Gabx@21:1/5 to Nomen Nescio on Tue Apr 1 07:10:08 2025
    XPost: alt.privacy.anon-server, news.admin.peering

    Nomen Nescio wrote:

    I got it working. It was my fault. I run my connections through stunnel
    and accidently duped a listening port.

    Thanks again!


    Regardless, it is not normal that on port 119 my server responds
    like this:

    $ openssl s_client news.tcpreset.net:119
    Connecting to 94.130.76.71
    CONNECTED(00000003)
    depth=2 C=US, O=Internet Security Research Group, CN=ISRG Root X1
    verify return:1
    depth=1 C=US, O=Let's Encrypt, .....
    .......................................

    I have to use a nnrpd separate from innd that manages TLS and port 563
    by itself with its own configuration file news/readers-tls.conf and a
    dedicated systemd script system/inn-nnrpd.

    Best regards
    Gabx

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From The Doctor@21:1/5 to All on Tue Apr 1 14:15:34 2025
    XPost: alt.privacy.anon-server, news.admin.peering

    I have a wildcard certificate and here is what comes up

    openssl s_client news.nk.ca:119
    CONNECTED(00000003)
    0020C1DD88210000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:355:
    ---
    no peer certificate available
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 5 bytes and written 316 bytes
    Verification: OK
    ---
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    Early data was not sent
    Verify return code: 0 (ok)
    ---



    openssl s_client news.nk.ca:563
    CONNECTED(00000003)
    0020E12CA7390000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:355:
    ---
    no peer certificate available
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 5 bytes and written 316 bytes
    Verification: OK
    ---
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    Early data was not sent
    Verify return code: 0 (ok)
    ---


    Is their and issue with wildcard certs?

    --
    Member - Liberal International This is doctor@nk.ca Ici doctor@nk.ca
    Yahweh, King & country!Never Satan Preside
  • From Nomen Nescio@21:1/5 to All on Wed Apr 2 10:45:51 2025
    XPost: alt.privacy.anon-server, news.admin.peering

    On 01 Apr 2025, doctor@doctor.nl2k.ab.ca (The Doctor) posted some news:vsgse6$1ib5$4@gallifrey.nk.ca:

    I have a wildcard certificate and here is what comes up

    openssl s_client news.nk.ca:119
    CONNECTED(00000003)
    0020C1DD88210000:error:0A00010B:SSL routines:ssl3_get_record:wrong
    version number:ssl/record/ssl3_record.c:355: ---
    no peer certificate available
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 5 bytes and written 316 bytes
    Verification: OK
    ---
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    Early data was not sent
    Verify return code: 0 (ok)
    ---



    openssl s_client news.nk.ca:563
    CONNECTED(00000003)
    0020E12CA7390000:error:0A00010B:SSL routines:ssl3_get_record:wrong
    version number:ssl/record/ssl3_record.c:355: ---
    no peer certificate available
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 5 bytes and written 316 bytes
    Verification: OK
    ---
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    Early data was not sent
    Verify return code: 0 (ok)
    ---


    Is their and issue with wildcard certs?

    Hello, This is the output I received. I compared it to several other news servers on port 119 and it's identical except for start time.

    openssl s_client -connect news.nk.ca:119
    CONNECTED(00000248)
    8376:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:.\ssl\s23_clnt.c:794:
    ---
    no peer certificate available
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 7 bytes and written 307 bytes
    ---
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    SSL-Session:
    Protocol : TLSv1.2
    Cipher : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1743564579
    Timeout : 300 (sec)
    Verify return code: 0 (ok)
    ---

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From The Doctor@21:1/5 to nobody@dizum.com on Wed Apr 2 15:45:58 2025
    XPost: alt.privacy.anon-server, news.admin.peering

    In article <feda87216a868a05fe3e02c13165bc2c@dizum.com>,
    Nomen Nescio <nobody@dizum.com> wrote:
    On 01 Apr 2025, doctor@doctor.nl2k.ab.ca (The Doctor) posted some >news:vsgse6$1ib5$4@gallifrey.nk.ca:

    I have a wildcard certificate and here is what comes up

    openssl s_client news.nk.ca:119
    CONNECTED(00000003)
    0020C1DD88210000:error:0A00010B:SSL routines:ssl3_get_record:wrong
    version number:ssl/record/ssl3_record.c:355: ---
    no peer certificate available
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 5 bytes and written 316 bytes
    Verification: OK
    ---
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    Early data was not sent
    Verify return code: 0 (ok)
    ---



    openssl s_client news.nk.ca:563
    CONNECTED(00000003)
    0020E12CA7390000:error:0A00010B:SSL routines:ssl3_get_record:wrong
    version number:ssl/record/ssl3_record.c:355: ---
    no peer certificate available
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 5 bytes and written 316 bytes
    Verification: OK
    ---
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    Early data was not sent
    Verify return code: 0 (ok)
    ---


    Is their and issue with wildcard certs?

    Hello, This is the output I received. I compared it to several other news >servers on port 119 and it's identical except for start time.

    openssl s_client -connect news.nk.ca:119
    CONNECTED(00000248)
    8376:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown >protocol:.\ssl\s23_clnt.c:794:
    ---
    no peer certificate available
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 7 bytes and written 307 bytes
    ---
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    SSL-Session:
    Protocol : TLSv1.2
    Cipher : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1743564579
    Timeout : 300 (sec)
    Verify return code: 0 (ok)
    ---


    I "fixed" it with the correct cert but NOw I get a timeout.
    --
    Member - Liberal International This is doctor@nk.ca Ici doctor@nk.ca
    Yahweh, King & country!Never Satan President Republic!Beware AntiChrist rising! Look at Psalms 14 and 53 on Atheism ;
    Canada -Save the Nation from Donald Trump - Vote Liberal!

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)