| From | Ivan Shmakov <oneingray@gmail.com> |
|---|---|
| Newsgroups | news.software.readers, comp.security.misc, comp.protocols.misc |
| Subject | accessing TLS/SSL services, including snews:// |
| Followup-To | news.software.readers, comp.security.misc |
| Date | 2012-09-18 17:39 +0700 |
| Organization | Aioe.org NNTP Server |
| Message-ID | <861uhz7gz3.fsf_-_@gray.siamics.net> (permalink) |
| References | (1 earlier) <k2tf83$1t1$1@n102.xanadu-bbs.net> <eli$1209131701@qz.little-neck.ny.us> <k2u65t$7sp$1@n102.xanadu-bbs.net> <eli$1209141522@qz.little-neck.ny.us> <k32pct$db9$1@n102.xanadu-bbs.net> |
Cross-posted to 3 groups.
Followups directed to: news.software.readers, comp.security.misc
>>>>> John F Morse <john@example.invalid> writes:

[Cross-posting to news:comp.security.misc and news:comp.protocols.misc, just in case. Please omit the latter when replying, unless the intent is to discuss the Telnet protocol.]

[...]

> The OP simply asked "how to post from the command line" and I
> provided one solution: telnet.

May I remind you that the Telnet protocol has its own control sequences, and may be unsuitable for, e. g., transferring arbitrary binary data? Arguably, a Netcat tool, such as nc6(1), or OpenBSD nc(1), would be a better fit.

(For that reason, the hosts under my control rarely provide the telnet(1) client.)

> You provided another: openssl.

Let me provide the third: gnutls-cli(1). Consider, e. g. (line wrapping by me), the following session.

    $ gnutls-cli -p 563 news.panix.com
    Resolving 'news.panix.com'...
    Connecting to '166.84.1.69:563'...
    - Certificate type: X.509
    - Got a certificate list of 1 certificates.
    - Certificate[0] info:
     - subject `C=US,ST=NY,L=New_York,
       O=PANIX Public Access Networks Usenet News Servers,OU=news,
       CN=news.panix.com,EMAIL=staff@panix.com',
       issuer `C=US,ST=NY,L=New_York,
       O=PANIX Public Access Networks Usenet News Servers,OU=news,
       CN=PANIX Public Access Networks Usenet News Servers CA,
       EMAIL=staff@panix.com',

    [... Arguably, they should use a certificate signed by a
    recognized trusted party, such as, e. g., https://cacert.org/.]

       RSA key 2048 bits, signed using RSA-SHA,
       activated `2012-01-20 19:20:16 UTC',
       expires `2022-01-17 19:20:16 UTC',
       SHA-1 fingerprint `e588294d02985ea671e2c2a7e84f23c524b755bc'
    - The hostname in the certificate matches 'news.panix.com'.
    - Peer's certificate issuer is unknown
    - Peer's certificate is NOT trusted
    - Version: TLS1.0
    - Key Exchange: RSA
    - Cipher: AES-128-CBC
    - MAC: SHA1
    - Compression: NULL
    - Handshake was completed

    - Simple Client Mode:

    200 reader1.panix.com InterNetNews NNRP server INN 2.3.3 ready (posting ok).
    QUIT
    205 .
    - Peer has closed the GNUTLS connection
    $

> I realize the Subject includes "snews" and telnet is not usable for
> SSL/TLS without a helper, like Stunnel.

I still don't get how using two TCP connections (Netcat or Telnet to Stunnel, and Stunnel to TLS/SSL server) could be better than using a single one (openssl or gnutls-cli to TLS/SSL server.)

[...]

-- 
FSF associate member #7257
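
Added example, not part of the original post: the session above reaches the NNTP greeting even though the summary reports an unknown issuer and an untrusted certificate, so a script driving gnutls-cli(1) can audit those summary lines before sending anything over the channel. The function names are hypothetical, the "is trusted" wording in the second sample is an assumption modelled on the format shown in the post, and treating anything below TLS 1.2 as a finding is this example's choice.

```shell
#!/bin/sh
# Added example (not from the post): audit the handshake summary printed by
# gnutls-cli, in the format shown in the session above, before using the channel.

# Constructed sample: summary lines taken from the session in the post.
sample_untrusted() {
cat <<'EOF'
- The hostname in the certificate matches 'news.panix.com'.
- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
- Version: TLS1.0
- Handshake was completed
EOF
}

# Constructed sample: hypothetical host; the "is trusted" wording is an
# assumption modelled on the format above.
sample_trusted() {
cat <<'EOF'
- The hostname in the certificate matches 'news.example.org'.
- Peer's certificate is trusted
- Version: TLS1.2
- Handshake was completed
EOF
}

# Read gnutls-cli output on stdin; print one finding per line (none = clean).
audit_handshake() {
    awk '
        /certificate issuer is unknown/       { print "unknown-issuer" }
        /certificate is NOT trusted/          { print "untrusted-certificate" }
        /hostname in the certificate matches/ { host_ok = 1 }
        /^- Version: /  { if ($3 !~ /^TLS1\.[23]$/) print "old-protocol:" $3 }
        /Handshake was completed/             { done = 1 }
        END {
            if (!host_ok) print "hostname-not-confirmed"
            if (!done)    print "handshake-incomplete"
        }'
}

# Succeed only when the summary has no findings; report them on stderr otherwise.
channel_ok() {
    findings=$(audit_handshake)
    if [ -z "$findings" ]; then return 0; fi
    printf '%s\n' "$findings" >&2
    return 1
}

# Demo on the constructed sample; with a live server the input would be the
# output of: gnutls-cli -p 563 HOST </dev/null 2>&1
sample_untrusted | audit_handshake
```

The summary wording differs between gnutls-cli versions, so the patterns need checking against the installed release before relying on them.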