Article <71c273aec7f8fd875ab5711e7d54483e2576bdf7@i2pn2.org>

Deutsch English Français Italiano
<71c273aec7f8fd875ab5711e7d54483e2576bdf7@i2pn2.org>

View for Bookmarking (what is this?)
Look up another Usenet article
Path: ...!eternal-september.org!feeder3.eternal-september.org!i2pn.org!i2pn2.org!.POSTED!not-for-mail
From: Stefan Claas <fgrsna.pynnf@vagrearg.eh>
Newsgroups: misc.test
Subject: Re: test https://m2usenet.virebent.art/
Date: Tue, 1 Apr 2025 23:05:54 +0200
Organization: i2pn2 (i2pn.org)
Message-ID: <71c273aec7f8fd875ab5711e7d54483e2576bdf7@i2pn2.org>
References: <vshh7k$3e52$1@news.tcpreset.net> <b09e406f3ced24a56bcc036cf7b737c0b0b79cc1@i2pn2.org> <vshjpu$1hh5$1@news.tcpreset.net>
MIME-Version: 1.0
Injection-Date: Tue, 1 Apr 2025 21:05:55 -0000 (UTC)
Injection-Info: i2pn2.org;
	logging-data="2722683"; mail-complaints-to="usenet@i2pn2.org";
	posting-account="ieSrCjSDShpZNyqIW52mlwIkg76Hsp+TOOO6KTdfCN8";
Keywords: ignore,no-reply
User-Agent: flnews/1.3.0pre29 (for GNU/Linux)
Cancel-Lock: sha1:hUVPdP5Q8nexuwTudn6TIpN8wGg=
X-Ed25519-Pub: c0ffee5a36e581eb10f60b2831b3cdb955d2e7ef680dd282a8d43ad8b84b357a
X-Spam-Checker-Version: SpamAssassin 4.0.0
X-Ed25519-Sig: 20983f48538e5a7c4c72e6e1f92b9566a785ec9f786028e8b19a5c1ca6921bee
 65ffdd10bba8d24bc5486edfbfd051389330c284f8d997e39943609a2ba4cf03
X-Date: It's Tue Sep 11536 11:05:54 PM CEST 1993, the September that never ends.
Bytes: 3334
Lines: 69

Gabx wrote:
> Stefan Claas wrote:
> > Gabx wrote:
> > > Stefan Claas wrote:
> > > 
> > > > Why not let it only run on port 119, so that all clients
> > > > and my m2n can connect?
> Because even though I use the nnrpdflags: directive without the -S 
> option which stands for 'secure', 'ssl', 'tls', etc. innd continues 
> to offer tls on port 119
> :)
> 
> > > the norm would be to have port 119 in clear and for onion, 
> > > port 563 for tlsv1.2/1.3. 
> > > Everything else is a workaround.
> 
> This is correct !
>  
> > I think this is not correct, because TLS needs a certificate,
> > which can't be issued for onion addresses. 
> 
> I said the above i said is correct because onion port 119 would run 
> on clear without letsencrypt certificates.
> 
> > An old saying: Never change a running system ... So why not
> 
> we all know the sayings ....
> 
> > let it work as before and use 119 for onion and clearnet
> > without TLS and additionally TLS for clearnet?
> > 
> 
> By the way,
> i have commented all tls* options in news/inn.conf on the top of an 
> empty nnrpdflags directive. 
> Innd is a real motherf*****er.
> 
> For you would be easier a
> 
>     context = ssl.create_default_context()
>     context.check_hostname = False
>     context.verify_mode = ssl.CERT_NONE
> 
> back on INND context, i can't beleave:
> 
> $ openssl s_client news.tcpreset.net:119
> Connecting to 2a01:4f8:c0c:2f94::1
> CONNECTED(00000003)
> depth=2 C=US, O=Internet Security Research Group, CN=ISRG Root X1
> verify return:1
> depth=1 C=US, O=Let's Encrypt, CN=R11
> verify return:1
> depth=0 CN=news.tcpreset.net
> verify return:1
> 
> I have asked help at the nntp community and also i wrote a mail to Ivo
> (paganini),
> waiting for reponse.
> 
> Bonne nuit

Ok, thanks for the info! I will wait then until your server is ready
and may adjust my m2n.

Regards
Stefan

-- 
Onion Courier Home Server Mon-Fri 15:00-21:00 UTC Sat-Sun 11:00-21:00 UTC
ohpmsq5ypuw5nagt2jidfyq72jvgw3fdvq37txhnm5rfbhwuosftzuyd.onion:8080 inbox