Deutsch English Français Italiano |
<sjdc1l$ogq$1@gioia.aioe.org> View for Bookmarking (what is this?) Look up another Usenet article |
Path: ...!weretis.net!feeder6.news.weretis.net!4.us.feeder.erje.net!2.eu.feeder.erje.net!feeder.erje.net!newsfeed.xs4all.nl!newsfeed9.news.xs4all.nl!feeder1.feed.usenet.farm!feed.usenet.farm!aioe.org!mcuwdriBWtKNza4+KU91lA.user.46.165.242.75.POSTED!not-for-mail From: Paul <nospam@needed.invalid> Newsgroups: eternal-september.support Subject: Re: No messages displayed Date: Sun, 3 Oct 2021 18:49:13 -0400 Organization: Aioe.org NNTP Server Message-ID: <sjdc1l$ogq$1@gioia.aioe.org> References: <sjd18a$3ao$1@dont-email.me> <sjd4nv$urc$1@dont-email.me> <sjd5c5$4lk$1@dont-email.me> <sjd61s$urc$3@dont-email.me> <sjd6dg$c00$1@dont-email.me> Mime-Version: 1.0 Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 8bit Injection-Info: gioia.aioe.org; logging-data="25114"; posting-host="mcuwdriBWtKNza4+KU91lA.user.gioia.aioe.org"; mail-complaints-to="abuse@aioe.org"; User-Agent: Ratcatcher/2.0.0.25 (Windows/20130802) X-Mozilla-News-Host: news://nntp.aioe.org Content-Language: en-US X-Notice: Filtered by postfilter v. 0.9.2 Bytes: 4469 Lines: 97 On 10/3/2021 5:13 PM, gareth evans wrote: > On 03/10/2021 22:07, John McCue wrote: >> Adam H. Kerman <ahk@chinet.com> wrote: >>> John McCue <jmclnx@SPAMisBADgmail.com> wrote: >>>> gareth evans <headstone255@yahoo.com> wrote: >> >> <snip> >> >>>> That works for me, but I had to install a patch for >>>> Lets-encrypt last Thursday (Sep 30). >>> >>> A patch? Couldn't you install the new root certificate directly? >> >> OpenBSD had a patch associated with Lets Encrypt: >> >> https://undeadly.org/cgi?action=article;sid=20211001073034 >> >> So it is possible others could need a patch, or at the very >> least a new root cert. >> > > Let's Encrypt??????? > > Have I missed something, what is it? > > Running W10 here. > http://www.eternal-september.org/index.php?showpage=techinfo Server name: news.eternal-september.org Port : 119 (NNTP) Port : 563 (encrypted connection NNTPS) <=== certificate-dependent Servername: reader80.eternal-september.org Port : 80 Servername: reader443.eternal-september.org Port : 443 (encrypted connection NNTPS) <=== certificate-dependent If you use the encrypted connection, it protects your password for authentication, in flight. If you use port 110, the password travels over the network cables as plaintext. On the minus side, while the nttps connection is set up, a thing like a secure socket layer, negotiates with the other end. One of the parts of that, is verifying the other end is "who it says it is". This is done with certificates. Certificates verified by various crypto-strings in them. Someone in another news group (WinXP group), claims: "(You'll need ISRG Root X1, ISRG Root X2, Let’s Encrypt R3 and Let’s Encrypt E1)" The chacha is explained here, in the diagram. You would only need all four, if you want the client to support two flavors of crypto (paranoid server operators may choose the non-RSA option). https://letsencrypt.org/certificates/ Text version of R3, based on RSA crypto. https://letsencrypt.org/certs/lets-encrypt-r3.txt Validity Not Before: Sep 4 00:00:00 2020 GMT Not After : Sep 15 16:00:00 2025 GMT As far as I know, Firefox has its own certificate store, Thunderbird is a copy of Firefox, so it should have its own certificate store. This is what I see here right now on mine. Thunderbird 52.3 . https://i.postimg.cc/x8X4b3Pp/tbird-cert.gif Other web browsers or news clients, may rely on the platform store, and the platform store may check in every six hours for updates. But we don't have to worry about that right now, and instead figure out why your certificates aren't right. It looks like maybe mine updated, but I don't really get this certificate stuff, so I can't be sure. I'd have to get a database dumper working, and the format of certxxx.db may change from one version of Thunderbird to the next. Since my connection to mixmin is working, it implies that somehow mine is working right now. Mixmin is on 563 (might not use other port numbers, hard to tell). I usually get a migraine when this topic is forced upon me :-) Thank goodness this is working. What a relief. Paul