Path: ...!3.us.feeder.erje.net!3.eu.feeder.erje.net!feeder.erje.net!weretis.net!feeder8.news.weretis.net!pasdenom.info!.POSTED.newsportal.pasdenom.info!newsportal
From: =?UTF-8?Q?yamo'?= <user@tld.invalid>
Newsgroups: fr.comp.usenet.serveurs
Subject: Re: letsencrypt et INN2
Date: Fri, 10 Jun 2022 09:30:34 -0000 (UTC)
Organization: <https://pasdenom.info/news.html>
Message-ID: <t7v2vq$gel$1@rasp.pasdenom.info>
References: <t7tcqp$ls2$1@rasp.pasdenom.info>
Reply-To: yamo@groumpf.org
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Injection-Date: Fri, 10 Jun 2022 09:30:34 -0000 (UTC)
Injection-Info: newsportal.pasdenom.info; posting-account="stephane@usenet"; 
 posting-host="2a01:e0a:21:ea80:2bcd:1898:8c71:814c" logging-data="http"; 
 mail-complaints-to="abuse@pasdenom.info"
User-Agent: NewsPortal/0.52.a6 
 ( https://gitlab.com/yamo-nntp/newsportal )
Cancel-Lock: sha256:E4zgA6YGM6PUxGydCCa6asRMZZl3v831kxtMLKdK3PU=
Http-User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
 Firefox/68.0 SeaMonkey/2.53.12
Bytes: 2692
Lines: 44

Salut, 
yamo' a écrit :
> Il y a t'il une documentation pour utiliser un certificat Let’s Encrypt 
> sur INN2 (avec nnrpd). 

C'est désormais indiqué dans la doc...

<https://www.eyrie.org/~eagle/software/inn/docs-2.6/inn.conf.html>
#    tlscapath:      /etc/letsencrypt/live/news.server.com
#    tlscafile:      /etc/letsencrypt/live/news.server.com/chain.pem
#    tlscertfile:    /etc/letsencrypt/live/news.server.com/cert.pem
#    tlskeyfile:     /etc/letsencrypt/live/news.server.com/privkey.pem

Pour tlsciphers, je n'arrive pas à renseigner le champs.

inncheck couine quand je mets :
tlsciphers: TLS_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

Avec ça, (je n'y comprends rien), ça a l'air OK :

tlsciphers: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

Mais flnews n'est toujours pas content.

sslscan me dit :
 Supported Server Cipher(s):
Preferred TLSv1.3  128 bits  TLS_AES_128_GCM_SHA256        Curve 25519 DHE 
253
Accepted  TLSv1.3  256 bits  TLS_AES_256_GCM_SHA384        Curve 25519 DHE 
253
Accepted  TLSv1.3  256 bits  TLS_CHACHA20_POLY1305_SHA256  Curve 25519 DHE 
253
Preferred TLSv1.2  256 bits  ECDHE-RSA-AES256-GCM-SHA384   Curve 25519 DHE 
253
Accepted  TLSv1.2  256 bits  DHE-RSA-AES256-GCM-SHA384     DHE 2048 bits
Accepted  TLSv1.2  256 bits  ECDHE-RSA-CHACHA20-POLY1305   Curve 25519 DHE 
253
Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-GCM-SHA256   Curve 25519 DHE 
253
Accepted  TLSv1.2  128 bits  DHE-RSA-AES128-GCM-SHA256     DHE 2048 bits


-- 
Stéphane