• error initializing TLS

    From Gabx@21:1/5 to All on Fri Apr 18 08:51:31 2025
    Hi,
    despite disabling TLS and commenting all the entries regarding it, I
    still see errors like this:

    Apr 17 09:44:40 news nnrpd[2355543]: error initializing TLS: [CA_file: ] [CA_path: /etc/news] [cert_file: /etc/news/cert.pem] [key_file: /etc/news/key.pem]

    Running INN2.6.4

    Best regards

    Gabx

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Ray Banana@21:1/5 to All on Fri Apr 18 10:34:34 2025
    Thus spake Gabx <null@tcpreset.invalid>

    > Hi,
    > despite disabling TLS and commenting all the entries regarding it, I
    > still see errors like this:
    > Apr 17 09:44:40 news nnrpd[2355543]: error initializing TLS: [CA_file: ] [CA_path: /etc/news] [cert_file: /etc/news/cert.pem] [key_file: /etc/news/key.pem]
    > Running INN2.6.4

    Your server advertises the STARTTLS command:

    ____________________________________________________
    /
    | Report problems to <usenet@news.tcpreset.net>.
    | .
    | capabilities
    | 101 Capability list:
    | VERSION 2
    | IMPLEMENTATION INN 2.6.4
    | AUTHINFO SASL
    | COMPRESS DEFLATE
    | HDR
    | LIST ACTIVE ACTIVE.TIMES COUNTS DISTRIB.PATS DISTRIBUTIONS HEADERS MODERATORS MOTD NEWSGROUPS OVERVIEW.FMT SUBSCRIPTIONS
    | OVER
    | POST
    | READER
    | SASL SCRAM-SHA-1 SCRAM-SHA-256 DIGEST-MD5 NTLM CRAM-MD5
    | STARTTLS
    | XPAT
    \______________________________________________________

    Hence, newsreader clients can request SSL encrypted connections
    on port 119 by issuing the STARTTLS command, which will fail as
    SSL is not configured on your server.
    _______________________________________________________________________
    /
    | news.tcpreset.net InterNetNews NNRP server INN 2.6.4 ready (posting ok)
    | Sending STARTTLS command
    | Error initializing TLS
    \_______________________________________________________________________

    The only way to prevent clients from using STARTTLS would be to
    compile INN with STARTTLS disabled.

    PS: The same applies to AUTHINFO SASL, but you don't offer
    authenticated access to your server, anyway.

    --
    Пу́тін — хуйло́
    https://www.eternal-september.org

  • From Gabx@21:1/5 to Ray Banana on Fri Apr 18 12:04:28 2025
    Ray Banana wrote:
    > Thus spake Gabx <null@tcpreset.invalid>
    >
    >> Hi,
    >> despite disabling TLS and commenting all the entries regarding it, I
    >> still see errors like this:
    >> Apr 17 09:44:40 news nnrpd[2355543]: error initializing TLS: [CA_file: ] [CA_path: /etc/news] [cert_file: /etc/news/cert.pem] [key_file: /etc/news/key.pem]
    >> Running INN2.6.4
    >
    > Your server advertises the STARTTLS command:
    >
    > Hence, newsreader clients can request SSL encrypted connections
    > on port 119 by issuing the STARTTLS command, which will fail as
    > SSL is not configured on your server.

    My INN2.6.4 is a package managed by Ubuntu apt.
    So I have to think that inn in my possession looks for these paths
    [CA_path: /etc/news] [cert_file: /etc/news/cert.pem] [key_file /etc/news/key.pem]
    regardless of whether I have enabled nnrpd -S and the tls*: options.

    Regards

    Gabx

  • From Ray Banana@21:1/5 to All on Fri Apr 18 13:50:14 2025
    Thus spake Gabx <info@tcpreset.invalid>

    > My INN2.6.4 is a package managed by Ubuntu apt.
    > So I have to think that inn in my possession looks for these paths
    > [CA_path: /etc/news] [cert_file: /etc/news/cert.pem] [key_file /etc/news/key.pem]
    > regardless of whether I have enabled nnrpd -S and the tls*: options.
    > Hence I can get away with it, isn't it?

    That will be up to your users.

    --
    Пу́тін — хуйло́
    https://www.eternal-september.org

  • From Gabx@21:1/5 to Gabx on Fri Apr 18 13:24:01 2025
    Gabx wrote:
    > Ray Banana wrote:
    >
    >> Hence, newsreader clients can request SSL encrypted connections
    >> on port 119 by issuing the STARTTLS command, which will fail as
    >> SSL is not configured on your server.
    >
    > My INN2.6.4 is a package managed by Ubuntu apt.
    > So I have to think that inn in my possession looks for these paths
    > [CA_path: /etc/news] [cert_file: /etc/news/cert.pem] [key_file /etc/news/key.pem]
    > regardless of whether I have enabled nnrpd -S and the tls*: options.

    Hence I can get away with it, isn't it?

    Gabx


    --
    0745074DFEAA9CB762E9D89D3E54F490F2CC5A82

  • From Gabx@21:1/5 to Ray Banana on Fri Apr 18 16:02:01 2025
    Ray Banana wrote:
    > Thus spake Gabx <info@tcpreset.invalid>
    >
    >> My INN2.6.4 is a package managed by Ubuntu apt.
    >> So I have to think that inn in my possession looks for these paths
    >> [CA_path: /etc/news] [cert_file: /etc/news/cert.pem] [key_file /etc/news/key.pem]
    >> regardless of whether I have enabled nnrpd -S and the tls*: options.
    >> Hence I can get away with it, isn't it?
    >
    > That will be up to your users.

    You are right!

    Regards

    --
    0745074DFEAA9CB762E9D89D3E54F490F2CC5A82
