NNTPS via port 563
avon at bbs.geek.nz
Sat Aug 15 10:41:51 UTC 2015
Hi all,

I'm trying to configure this to work on my server but hitting a few snags.

I followed the instructions for TLS support in the nnrpd docs and have
created a self-signed certificate, set the permissions for it correctly,
updated inn.conf with the correct paths to tlscapath, tlscertfile and
tlskeyfile.

I then installed inetd on my Debian system and configured it to run 'nntps
stream tcp nowait news <pathbin>/nnrpd nnrpd -S' and confirmed nntps is
stated in etc/services.

Now, I have been trying to test localhost connections to port 563 using
Mozilla Thunderbird. I firstly confirmed it was running and open using nmap
of the localhost and it shows port 563 open snews tcp.

I then connected using Thunderbird and can see the message:
Timestamp: 15/08/2015 10:16:37 p.m.
Error: xxx.xxx.xxx.xxx:563 uses an invalid security certificate. (I have
removed the local IP)
The certificate does not come from a trusted source.
The certificate is only valid for news.bbs.geek.nz
(Error code: mozilla_pkix_error_ca_cert_used_as_end_entity)

I can also see in syslog news nnrpd say 'startttls TLSv1.2 with cipher XXXXX
(removed the numbers) (256/256 bits) no authentication'.

Then it looks like my client is connecting on port 119,
followed by a correct match in readers.conf for the secure auth group and
access group.

Does anyone have any ideas how to progress this?

I figured I needed to set up port 563 first before I sorted out some kind of
authentication via user name / password for user logins (does anyone use
username/password auth over plain port 119 these days?)

Best, Paul.
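
The Thunderbird error code quoted above, mozilla_pkix_error_ca_cert_used_as_end_entity, concerns the basicConstraints cA flag of the certificate the server presents. As an added example (not part of the original post and not INN code), the following standard-library Python reads that flag from a DER certificate; the function names and the constructed sample skeleton are assumptions of this example.

```python
import ssl

BASIC_CONSTRAINTS = (0x06, bytes([0x55, 0x1D, 0x13]))  # OID 2.5.29.19 as (tag, value)

def tlv(buf, pos=0):
    """Decode one DER element at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the contents of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = tlv(value, pos)
        out.append((tag, val))
    return out

def is_ca_certificate(der_cert):
    """True if the certificate carries basicConstraints with cA=TRUE."""
    stack = [tlv(der_cert)[:2]]
    while stack:
        tag, val = stack.pop()
        if not tag & 0x20:  # primitive element, nothing nested to walk
            continue
        kids = children(val)
        if kids and kids[0] == BASIC_CONSTRAINTS:
            # Extension ::= SEQUENCE { OID, critical OPTIONAL, OCTET STRING }
            fields = children(tlv(kids[-1][1])[1])  # inside BasicConstraints
            return bool(fields) and fields[0][0] == 0x01 and fields[0][1] != b"\x00"
        stack.extend(kids)
    return False  # extension absent

def fetch_der(host, port=563):
    """Fetch the certificate an NNTPS listener presents, without validating it."""
    return ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, port)))

def der(tag, content=b""):
    """Encode one short-form DER element (enough for the constructed sample)."""
    return bytes([tag, len(content)]) + content

def sample_cert(ca):
    """Constructed skeleton, not a real certificate: only the nesting around
    the basicConstraints extension is modelled."""
    bc = der(0x30, der(0x01, b"\xff") if ca else b"")
    ext = der(0x30, der(*BASIC_CONSTRAINTS) + der(0x01, b"\xff") + der(0x04, bc))
    return der(0x30, der(0x30, der(0x02, b"\x01") + der(0xA3, der(0x30, ext))))
```

Against a live listener, `is_ca_certificate(fetch_der("news.example.org"))` (placeholder host name) returning True means the presented certificate is marked as a CA, which is the condition the error code names.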