Hello Oli,
Did you see Rob's post in FIDONEWS?
I have a Synchronet here, Equinox BBS that I have listening as Rob suggested on port 24555 for secure binkps, and also good old binkp on 24554.
The details for that BBS are:
Equinox BBS
1:153/757.2
equinoxbbs.ddns.net
I don't know how to initiate a poll over TLS from my binkd to it and
I don't know if I have all the needed bits yet for a secure session
over TLS but it is listening so feel free to try.
verify error:num=66:EE certificate key too weak
verify return:1
this should work with binkley
node 1:153/757.2 -pipe "openssl s_client -quiet -alpn binkp -connect *H:*I" equinoxbbs.ddns.net:24555
but it doesn't.
+ 07:12 [1060] call to 1:153/757.2@fidonet
+ 07:12 [1060] External command 'openssl s_client -quiet -alpn binkp -connect equinoxbbs.ddns.net:24555' started, pid 1061
  07:12 [1060] connected
+ 07:12 [1060] outgoing session with equinoxbbs.ddns.net:24555
- 07:12 [1060] hiding aka 21:1/151@fsxnet
depth=0 C = ZZ, O = The Rusty MailBox, CN = trmb.synchro.net
verify error:num=66:EE certificate key too weak
verify return:1
depth=0 C = ZZ, O = The Rusty MailBox, CN = trmb.synchro.net
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = ZZ, O = The Rusty MailBox, CN = trmb.synchro.net
verify error:num=21:unable to verify the first certificate
verify return:1
1996181520:error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small:../ssl/statem/statem_clnt.c:2150:
ncat doesn't work either. I'm mostly offline for the next couple of
days or weeks. And I will not read much of the fsx/fidonet mails.
That is a default self signed cert. Also it was a bit old so I've
deleted those and created new ones.
It does actually work between binkit mailers but we may need to up
that a bit to work with binkd. I'll try getting a cert from
letsencrypt. That may work better.
Thanks for testing and we'll catch you back here when you can make it.
It does actually work between binkit mailers but we may need to
up that a bit to work with binkd. I'll try getting a cert from
letsencrypt. That may work better.
Self-signed cert is fine with my setup. I think it has more to do
with the TLS implementation binkit uses, but I'm not a TLS expert.
Can you try again? I'm going to try sending to and from that point
with binkd and just want to be sure it works before messing with it.
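Added example (not part of any post in this thread): a small Python parser for the `openssl s_client` output quoted above. It separates certificate verification findings that the client let pass (`verify return:1`) from the error-queue line that ended the handshake. The sample text is the log from the thread; the function names are this example's own.

```python
import re

# Constructed sample: the openssl s_client lines from the log quoted in the thread.
SAMPLE = """\
depth=0 C = ZZ, O = The Rusty MailBox, CN = trmb.synchro.net
verify error:num=66:EE certificate key too weak
verify return:1
depth=0 C = ZZ, O = The Rusty MailBox, CN = trmb.synchro.net
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = ZZ, O = The Rusty MailBox, CN = trmb.synchro.net
verify error:num=21:unable to verify the first certificate
verify return:1
1996181520:error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small:../ssl/statem/statem_clnt.c:2150:
"""

VERIFY_ERR = re.compile(r"^verify error:num=(\d+):(.+)$")
VERIFY_RET = re.compile(r"^verify return:(\d)$")
# OpenSSL 1.1.x error-queue line: id:error:code:library:function:reason:file:line:
QUEUE_ERR = re.compile(r"^\w+:error:([0-9A-Fa-f]+):([^:]*):([^:]*):([^:]*):")

def classify(text):
    """Split s_client output into verification findings and fatal library errors."""
    findings, fatal, pending = [], [], None
    for line in text.splitlines():
        line = line.strip()
        if m := VERIFY_ERR.match(line):
            pending = {"num": int(m.group(1)), "reason": m.group(2), "aborted": False}
            findings.append(pending)
        elif (m := VERIFY_RET.match(line)) and pending:
            # return:1 = callback let the handshake continue; return:0 = abort.
            pending["aborted"] = m.group(1) == "0"
            pending = None
        elif m := QUEUE_ERR.match(line):
            fatal.append({"code": m.group(1), "function": m.group(3), "reason": m.group(4)})
    return findings, fatal

def handshake_blockers(text):
    """Return only the reasons that actually stopped the TLS session."""
    findings, fatal = classify(text)
    blockers = [f["reason"] for f in findings if f["aborted"]]
    return blockers + [f"{e['function']}: {e['reason']}" for e in fatal]

if __name__ == "__main__":
    findings, fatal = classify(SAMPLE)
    for f in findings:
        print(f"verify num={f['num']:<3} aborted={f['aborted']}  {f['reason']}")
    print("blockers:", handshake_blockers(SAMPLE))
```

On the quoted log, the three certificate findings were all passed by the client, and the only blocker reported is the `dh key too small` error raised while processing the server's DHE key exchange.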