Subject : Re: test https://m2usenet.virebent.art/
From : info (at) *nospam* tcpreset.invalid (Gabx)
Groups : misc.test
Date : 01. Apr 2025, 21:54:22
Other headers
Organization : Victor Usenet Postings
Message-ID : <vshjpu$1hh5$1@news.tcpreset.net>
References : 1 2
User-Agent : flnews/1.2.1 (for GNU/Linux)
Stefan Claas wrote:
Gabx wrote:
Stefan Claas wrote:
Why not let it only run on port 119, so that all clients
and my m2n can connect?
Because even though I use the nnrpdflags: directive without the -S
option which stands for 'secure', 'ssl', 'tls', etc. innd continues
to offer tls on port 119
:)
the norm would be to have port 119 in clear and for onion,
port 563 for tlsv1.2/1.3.
Everything else is a workaround.
This is correct !
I think this is not correct, because TLS needs a certificate,
which can't be issued for onion addresses.
I said the above I said is correct because onion port 119 would run
on clear without letsencrypt certificates.
An old saying: Never change a running system ... So why not
we all know the sayings ....
let it work as before and use 119 for onion and clearnet
without TLS and additionally TLS for clearnet?
By the way,
I have commented all tls* options in news/inn.conf on the top of an
empty nnrpdflags directive.
Innd is a real motherf*****er.
For you, it would be easier to use a
import ssl
context = ssl.create_default_context()
context.check_hostname = False       # no hostname matching
context.verify_mode = ssl.CERT_NONE  # no certificate verification
Back on INND context, I can't believe:
$ openssl s_client news.tcpreset.net:119
Connecting to 2a01:4f8:c0c:2f94::1
CONNECTED(00000003)
depth=2 C=US, O=Internet Security Research Group, CN=ISRG Root X1
verify return:1
depth=1 C=US, O=Let's Encrypt, CN=R11
verify return:1
depth=0 CN=news.tcpreset.net
verify return:1
I have asked help at the nntp community and also I wrote a mail to Ivo
(paganini),
waiting for response.
Good night
Gabx
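
A way to check what a given NNTP port actually offers (a plaintext greeting, STARTTLS on top of it, or a server that stays silent until a TLS handshake starts), as an added example that is not part of the original post. The function names and the sample reply are assumptions made for illustration; the reply codes follow RFC 3977 and the STARTTLS capability follows RFC 4642.

```python
import socket

# Constructed sample reply to CAPABILITIES (not captured from any real server).
SAMPLE_CAPS = (b"101 Capability list:\r\nVERSION 2\r\nREADER\r\n"
               b"STARTTLS\r\nLIST ACTIVE NEWSGROUPS\r\n.\r\n")

def classify_greeting(first_bytes: bytes) -> str:
    """Classify what the server sent right after the TCP connect."""
    if not first_bytes:
        # Nothing until the client speaks: typical of implicit TLS (as on 563).
        return "silent"
    if first_bytes[:3] in (b"200", b"201"):
        return "plaintext-nntp"  # greeting: posting allowed / prohibited
    return "other"

def advertises_starttls(reply: bytes) -> bool:
    """True if a CAPABILITIES reply (code 101) lists STARTTLS."""
    lines = reply.decode("utf-8", "replace").split("\r\n")
    if not lines[0].startswith("101"):
        return False
    for line in lines[1:]:
        if line == ".":  # end of the multi-line block
            break
        if line.split(" ")[0].upper() == "STARTTLS":
            return True
    return False

def probe(host: str, port: int, timeout: float = 5.0) -> str:
    """Live check of one port (hypothetical helper); returns a verdict string."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            first = s.recv(512)
        except socket.timeout:  # no greeting within the timeout
            first = b""
        kind = classify_greeting(first)
        if kind != "plaintext-nntp":
            return kind
        s.sendall(b"CAPABILITIES\r\n")
        buf = b""
        while b"\r\n.\r\n" not in buf:
            chunk = s.recv(4096)
            buf += chunk
            # Stop on EOF or on a single-line error reply (e.g. 500).
            if not chunk or (b"\r\n" in buf and not buf.startswith(b"101")):
                break
        return "plaintext+starttls" if advertises_starttls(buf) else "plaintext-only"

if __name__ == "__main__":
    print(classify_greeting(b"200 news.example.invalid ready\r\n"),
          advertises_starttls(SAMPLE_CAPS))
```

A "silent" verdict on port 119 means no cleartext greeting arrived, so a plain NNTP client would hang there; "plaintext+starttls" means cleartext works and TLS is only an optional upgrade.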