• alternative transports

    From Tommi Koivula@2:221/360 to Oli on Fri Dec 13 16:26:26 2019
    * Replying to a msg in fidonews (fidonews)

    Hi Oli.

    12 Dec 19 18:52:22, you wrote to me:

    Without BinkpTLS=true in the node section for 153/757 binkit
    doesn't send to 153/757, and with it set to true it attempts to
    send it but fails because of a bad password. 153/757 is running
    binkd and doesn't have TLS support.

    Use a proxy ;)

    Maybe someone wants to try 2:221/6:

    binkps://news.fidonet.fi:24567

    binkd to binkd TLS connection:

    + 18:48 [3125] call to 2:221/6@fidonet
    + 18:48 [3125] External command 'openssl s_client -quiet -alpn binkp -connect news.fidonet.fi:24567' started, pid 3126
    18:48 [3125] connected
    + 18:48 [3125] outgoing session with news.fidonet.fi:24567

    Would you explain this "external command"? How to run it from binkd?

    'Tommi

    ---
    * Origin: - rbb.fidonet.fi - Finland - (2:221/360)
  • From Tommi Koivula@2:221/360 to Oli on Fri Dec 13 20:33:50 2019

    Use a proxy ;)

    Maybe someone wants to try 2:221/6:

    binkps://news.fidonet.fi:24567

    binkd to binkd TLS connection:

    + 18:48 [3125] call to 2:221/6@fidonet
    + 18:48 [3125] External command 'openssl s_client -quiet -alpn binkp -connect news.fidonet.fi:24567' started, pid 3126
    18:48 [3125] connected
    + 18:48 [3125] outgoing session with news.fidonet.fi:24567

    Would you explain this "external command"? How to run it from binkd?

    Never mind, I got it:

    === Cut ===
    node 2:221/6 -pipe "openssl s_client -quiet -alpn binkp -connect news.fidonet.fi:24567" *
    === Cut ===

    :)

    'Tommi

    ---
    * Origin: - rbb.fidonet.fi - Finland - (2:221/360)
  • From Oli@2:280/464.47 to Tommi Koivula on Fri Dec 13 22:03:43 2019
    Would you explain this "external command"? How to run it from
    binkd?

    Never mind, I got it:

    === Cut ===
    node 2:221/6 -pipe "openssl s_client -quiet -alpn binkp -connect news.fidonet.fi:24567" *
    === Cut ===

    alternative command is

    node 2:221/6 -pipe "ncat --ssl-alpn binkp *H *I" news.fidonet.fi:24567

    The alpn stuff is only needed if the server demands it (e.g. when running webserver, xmpp server, binkp on port 443). I use "ncat --ssl-alpn binkp H* I*", because "ncat --ssl H* I*" invokes ncat with the port number "I*" instead of the real port number. I guess this is a bug in binkd. Some problem with parsing the -pipe parameter?

    I wonder, if we should directly jump to QUIC instead of implementing TLS over TCP?


    * Origin: kakistocracy (2:280/464.47)
  • From Oli@2:280/464.47 to Oli on Fri Dec 13 22:45:31 2019
    === Cut ===
    node 2:221/6 -pipe "openssl s_client -quiet -alpn binkp -connect news.fidonet.fi:24567" *
    === Cut ===

    alternative command is

    node 2:221/6 -pipe "ncat --ssl-alpn binkp *H *I" news.fidonet.fi:24567

    The alpn stuff is only needed if the server demands it (e.g. when
    running webserver, xmpp server, binkp on port 443). I use "ncat
    --ssl-alpn binkp H* I*", because "ncat --ssl H* I*" invokes ncat with
    the port number "I*" instead of the real port number. I guess this is
    a bug in binkd. Some problem with parsing the -pipe parameter?

    I meant *H and *I instead of H* and I*




    * Origin: kakistocracy (2:280/464.47)
  • From Wilfred van Velzen@2:280/464 to Oli on Sat Dec 14 00:13:27 2019
    Hi Oli,

    On 2019-12-13 22:03:43, you wrote to Tommi Koivula:

    === Cut ===
    node 2:221/6 -pipe "openssl s_client -quiet -alpn binkp -connect news.fidonet.fi:24567" *
    === Cut ===

    alternative command is

    node 2:221/6 -pipe "ncat --ssl-alpn binkp *H *I" news.fidonet.fi:24567

    The alpn stuff is only needed if the server demands it (e.g. when running webserver, xmpp server, binkp on port 443).

    My version of ncat and openssl don't know about -alpn. Maybe my Linux is too old?

    And I think it's better to use --ssl-verify with ncat.

    I wonder, if we should directly jump to QUIC instead of implementing
    TLS over TCP?

    It's probably too new. And not supported yet on a lot of systems? How do you check anyway? ;)

    Bye, Wilfred.

    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
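
An added example, not part of the thread and not code from binkd, openssl or ncat: a small Python helper that could stand in for the external command in a `-pipe` line, offering the `binkp` ALPN id and verifying the server certificate and hostname, which is the point behind the `--ssl-verify` suggestion above. It assumes binkd talks to the piped command over stdin/stdout, as it does with `openssl s_client` in the thread; the script name `binkp_tls_pipe.py` and the function names are hypothetical.

```python
import os
import selectors
import socket
import ssl
import sys

ALPN = "binkp"  # ALPN id from the thread's openssl/ncat commands

def make_context(cafile=None):
    """TLS client context that verifies the chain and hostname and offers ALPN."""
    ctx = ssl.create_default_context(cafile=cafile)  # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_alpn_protocols([ALPN])
    return ctx

def relay(sock, rfd, wfd):
    """Copy bytes both ways between sock and the pipe fds until one side closes."""
    sel = selectors.DefaultSelector()
    sel.register(sock, selectors.EVENT_READ)
    sel.register(rfd, selectors.EVENT_READ)
    while True:
        for key, _ in sel.select():
            if key.fileobj is sock:
                # A TLS record carries at most 16384 bytes, so one recv drains it.
                data = sock.recv(16384)
                if not data:
                    return
                os.write(wfd, data)
            else:
                data = os.read(rfd, 16384)
                if not data:
                    return
                sock.sendall(data)

def main(host, port):
    ctx = make_context()
    with socket.create_connection((host, port), timeout=30) as raw:
        # wrap_socket raises ssl.SSLCertVerificationError on a bad certificate.
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.settimeout(None)
            if tls.selected_alpn_protocol() != ALPN:
                sys.stderr.write("note: server did not select ALPN binkp\n")
            relay(tls, sys.stdin.fileno(), sys.stdout.fileno())

if __name__ == "__main__":
    main(sys.argv[1], int(sys.argv[2]))
```

Following the node line quoted in the thread, it would be called as `node 2:221/6 -pipe "python3 binkp_tls_pipe.py news.fidonet.fi 24567" *`. A failed certificate check ends the helper before any binkp data is exchanged.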