Hello Oli,

Did you see Rob's post in FIDONEWS?

I have a Synchronet here, Equinox BBS that I have listening as Rob suggested on
port 24555 for secure binkps, and also good old binkp on 24554.

The details for that BBS is..

Equinox BBS
1:153/757.2
equinoxbbs.ddns.net

I don't know how to initiate a poll over TLS from my binkd to it and I don't know if I have all the needed bits yet for a secure session over TLS but it is listening so feel free to try.

Ttyl :-),
Al

--- GoldED+/LNX 1.1.5-b20180707
* Origin: The Rusty MailBox - Penticton, BC Canada (21:4/106)

On Mon, 9 Dec 2019 17:19:34 -0800
"Al -> Oli" <0@106.4.21> wrote:

Hello Oli,

Did you see Rob's post in FIDONEWS?

I have a Synchronet here, Equinox BBS that I have listening as Rob suggested on port 24555 for secure binkps, and also good old binkp on 24554.

The details for that BBS is..

Equinox BBS
1:153/757.2
equinoxbbs.ddns.net

I don't know how to initiate a poll over TLS from my binkd to it and
I don't know if I have all the needed bits yet for a secure session
over TLS but it is listening so feel free to try.

this should work with binkley
node 1:153/757.2 -pipe "openssl s_client -quiet -alpn binkp -connect *H:*I" equinoxbbs.ddns.net:24555

but it doesn't.

? 07:12 [1059] Cannot find domain for zone 1, assuming 'fidonet'
07:12 [1059] BEGIN, binkd/1.1a-99/Linux -p -P 1:153/757.2 /srv/ftn/binkd/binkd.cfg
? 07:12 [1059] Cannot find domain for zone 1, assuming 'fidonet'
07:12 [1059] creating a poll for 1:153/757.2@fidonet (`d' flavour)
07:12 [1059] clientmgr started
$ -d 1:153/757.2@fidonet
+ 07:12 [1060] call to 1:153/757.2@fidonet
+ 07:12 [1060] External command 'openssl s_client -quiet -alpn binkp -connect equinoxbbs.ddns.net:24555' started, pid 1061
07:12 [1060] connected
+ 07:12 [1060] outgoing session with equinoxbbs.ddns.net:24555
- 07:12 [1060] hiding aka 21:1/151@fsxnet
depth=0 C = ZZ, O = The Rusty MailBox, CN = trmb.synchro.net
verify error:num=66:EE certificate key too weak
verify return:1
depth=0 C = ZZ, O = The Rusty MailBox, CN = trmb.synchro.net
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = ZZ, O = The Rusty MailBox, CN = trmb.synchro.net
verify error:num=21:unable to verify the first certificate
verify return:1
1996181520:error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small:../ssl/statem/statem_clnt.c:2150:
? 07:12 [1060] recv: connection closed by foreign host
+ 07:12 [1060] holding 1:153/757.2@fidonet (2019/12/12 07:22:59)
+ 07:12 [1060] done (to 1:153/757.2@fidonet, failed, S/R: 0/0 (0/0 bytes))
07:12 [1060] session closed, quitting...
07:12 [1060] rc(1061)=1
07:12 [1059] rc(1060)=0
07:12 [1059] the queue is empty, quitting...

ncat doesn't work either. I'm mostly offline for the next couple of days or weeks. And I will not read much of the fsx/fidonet mails.

---
* Origin: (21:1/151)

verify return:1

Taking bets on whether it's cryptlib related ... :P

Andrew

--- MagickaBBS v0.13alpha (Linux/x86_64)
* Origin: HappyLand - telnet://magickabbs.com:2023/ (21:1/126)

Hello Oli,

this should work with binkley
node 1:153/757.2 -pipe "openssl s_client -quiet -alpn binkp -connect *H:*I" equinoxbbs.ddns.net:24555

but it doesn't.

[...]

+ 07:12 [1060] call to 1:153/757.2@fidonet
+ 07:12 [1060] External command 'openssl s_client -quiet -alpn binkp -connect equinoxbbs.ddns.net:24555' started, pid 1061 07:12 [1060] connected + 07:12 [1060] outgoing session with
equinoxbbs.ddns.net:24555 - 07:12 [1060] hiding aka
21:1/151@fsxnet depth=0 C = ZZ, O = The Rusty MailBox, CN = trmb.synchro.net verify error:num=66:EE certificate key too
weak verify return:1 depth=0 C = ZZ, O = The Rusty MailBox, CN = trmb.synchro.net verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 C = ZZ, O = The Rusty MailBox, CN
= trmb.synchro.net verify error:num=21:unable to verify the first certificate verify return:1
1996181520:error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small:../ssl/statem/statem_clnt.c:2150:

ncat doesn't work either. I'm mostly offline for the next couple of
days or weeks. And I will not read much of the fsx/fidonet mails.

That is a default self signed cert. Also is was a bit old so I've deleted those
and created new ones.

I does actually work between binkit mailers but we may need to up that a bit to
work with binkd. I'll try getting a cert from letsencrypt. That may work better.

Thanks for testing and we'll catch you back here when you can make it.

Ttyl :-),
Al

--- GoldED+/LNX 1.1.5-b20180707
* Origin: The Rusty MailBox - Penticton, BC Canada (21:4/106)

deleted those and created new ones.

I does actually work between binkit mailers but we may need to up
that a bit to work with binkd. I'll try getting a cert from
letsencrypt. That may work better.

Self-signed cert is fine with my setup. I think it has more to do with the TLS implementation binkit uses, but I'm not a TLS expert.

Thanks for testing and we'll catch you back here when you can make it.

---
* Origin: (21:1/151)

I does actually work between binkit mailers but we may need to
up that a bit to work with binkd. I'll try getting a cert from
letsencrypt. That may work better.

Self-signed cert is fine with my setup. I think it has more to do
with the TLS implementation binkit uses, but I'm not a TLS expert.

Can you try again? I'm going to try sending to and from that point with
binkd and just want to be sure it works before messing with it.

Ttyl :-),
Al

--- MagickaBBS v0.13alpha (Linux/x86_64)
* Origin: The Rusty MailBox - Penticton, BC Canada (21:4/106)

On Sun, 15 Dec 2019 13:29:32 -0800
"Al -> Oli" <0@106.4.21> wrote:

I does actually work between binkit mailers but we may need to
up that a bit to work with binkd. I'll try getting a cert from
letsencrypt. That may work better.

Self-signed cert is fine with my setup. I think it has more to
do with the TLS implementation binkit uses, but I'm not a TLS
expert.

Can you try again? I'm going to try sending to and from that point
with binkd and just want to be sure it works before messing with it.

same error

---
* Origin: REPLY (21:1/151)