| Deutsch English Français Italiano |
|
<sjdc1l$ogq$1@gioia.aioe.org> View for Bookmarking (what is this?) Look up another Usenet article |
Path: ...!weretis.net!feeder6.news.weretis.net!4.us.feeder.erje.net!2.eu.feeder.erje.net!feeder.erje.net!newsfeed.xs4all.nl!newsfeed9.news.xs4all.nl!feeder1.feed.usenet.farm!feed.usenet.farm!aioe.org!mcuwdriBWtKNza4+KU91lA.user.46.165.242.75.POSTED!not-for-mail
From: Paul <nospam@needed.invalid>
Newsgroups: eternal-september.support
Subject: Re: No messages displayed
Date: Sun, 3 Oct 2021 18:49:13 -0400
Organization: Aioe.org NNTP Server
Message-ID: <sjdc1l$ogq$1@gioia.aioe.org>
References: <sjd18a$3ao$1@dont-email.me> <sjd4nv$urc$1@dont-email.me>
<sjd5c5$4lk$1@dont-email.me> <sjd61s$urc$3@dont-email.me>
<sjd6dg$c00$1@dont-email.me>
Mime-Version: 1.0
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Info: gioia.aioe.org; logging-data="25114"; posting-host="mcuwdriBWtKNza4+KU91lA.user.gioia.aioe.org"; mail-complaints-to="abuse@aioe.org";
User-Agent: Ratcatcher/2.0.0.25 (Windows/20130802)
X-Mozilla-News-Host: news://nntp.aioe.org
Content-Language: en-US
X-Notice: Filtered by postfilter v. 0.9.2
Bytes: 4469
Lines: 97
On 10/3/2021 5:13 PM, gareth evans wrote:
> On 03/10/2021 22:07, John McCue wrote:
>> Adam H. Kerman <ahk@chinet.com> wrote:
>>> John McCue <jmclnx@SPAMisBADgmail.com> wrote:
>>>> gareth evans <headstone255@yahoo.com> wrote:
>>
>> <snip>
>>
>>>> That works for me, but I had to install a patch for
>>>> Lets-encrypt last Thursday (Sep 30).
>>>
>>> A patch? Couldn't you install the new root certificate directly?
>>
>> OpenBSD had a patch associated with Lets Encrypt:
>>
>> https://undeadly.org/cgi?action=article;sid=20211001073034
>>
>> So it is possible others could need a patch, or at the very
>> least a new root cert.
>>
>
> Let's Encrypt???????
>
> Have I missed something, what is it?
>
> Running W10 here.
>
http://www.eternal-september.org/index.php?showpage=techinfo
Server name: news.eternal-september.org
Port : 119 (NNTP)
Port : 563 (encrypted connection NNTPS) <=== certificate-dependent
Servername: reader80.eternal-september.org
Port : 80
Servername: reader443.eternal-september.org
Port : 443 (encrypted connection NNTPS) <=== certificate-dependent
If you use the encrypted connection, it protects your password
for authentication, in flight. If you use port 110, the password
travels over the network cables as plaintext.
On the minus side, while the nttps connection is set up,
a thing like a secure socket layer, negotiates with the
other end. One of the parts of that, is verifying the other
end is "who it says it is". This is done with certificates.
Certificates verified by various crypto-strings in them.
Someone in another news group (WinXP group), claims:
"(You'll need ISRG Root X1, ISRG Root X2, Let’s Encrypt R3 and
Let’s Encrypt E1)"
The chacha is explained here, in the diagram. You would only
need all four, if you want the client to support two flavors of
crypto (paranoid server operators may choose the non-RSA option).
https://letsencrypt.org/certificates/
Text version of R3, based on RSA crypto.
https://letsencrypt.org/certs/lets-encrypt-r3.txt
Validity
Not Before: Sep 4 00:00:00 2020 GMT
Not After : Sep 15 16:00:00 2025 GMT
As far as I know, Firefox has its own certificate store, Thunderbird
is a copy of Firefox, so it should have its own certificate store.
This is what I see here right now on mine. Thunderbird 52.3 .
https://i.postimg.cc/x8X4b3Pp/tbird-cert.gif
Other web browsers or news clients, may rely on the platform
store, and the platform store may check in every six hours
for updates. But we don't have to worry about that right now,
and instead figure out why your certificates aren't right.
It looks like maybe mine updated, but I don't really get
this certificate stuff, so I can't be sure. I'd have to get
a database dumper working, and the format of certxxx.db may
change from one version of Thunderbird to the next.
Since my connection to mixmin is working, it implies that
somehow mine is working right now. Mixmin is on 563
(might not use other port numbers, hard to tell).
I usually get a migraine when this topic is forced upon me :-)
Thank goodness this is working. What a relief.
Paul