• binkps

    From Al@21:4/106 to Avon on Friday, December 13, 2019 16:42:56
    Hello Avon,

    There has been a fair bit of talk lately about binkps.

    Digital Man has implemented this in Synchronet/BinkIT and after the small amount of testing I have done I think binkps is a reality for Synchronet sysops. It's just a quick and easy setup in Synchronet and as far as I can tell
    it's all ready for action for those Synchronet sysops.

    I see some are using proxies and/or stunnel to do this also with binkd although
    I have been looking at that it's a bit more involved with binkd. I'm just about to get my hands in there and see if I can make a go of it.

    Let me know if you'd like to do this between our nodes and we can do some testing.

    I'm also thinking of Mystic but I think these other implementations are direct TLS rather than opportunistic so maybe changes will need to be made in Mystic but I'd also be willing to test that out when time permits.

    Ttyl :-),
    Al

    --- GoldED+/LNX 1.1.5-b20180707
    * Origin: The Rusty MailBox - Penticton, BC Canada (21:4/106)
  • From NuSkooler@21:1/121 to Al on Friday, December 13, 2019 18:55:07

    On Friday, December 13th Al muttered...
    Digital Man has implemented this in Synchronet/BinkIT and after the small amount of testing I have done I think binkps is a reality for Synchronet sysops. It's just a quick and easy setup in Synchronet and as far as I can tell it's all ready for action for those Synchronet sysops.

    How did this finally get implemented? ENiG doesn't provide Bink directly but relies on an external tool such as binkd, but if it's just TLS that should be pretty easy to proxy. I'd love to have my FTN packets secured :)




    --
    NuSkooler
    Xibalba BBS @ xibalba.l33t.codes / 44510(telnet) 44511(ssh)
    ENiGMA 1/2 BBS WHQ | Phenom | 67 | iMPURE | ACiDic
    --- ENiGMA 1/2 v0.0.11-beta (linux; x64; 12.13.1)
    * Origin: Xibalba -+- xibalba.l33t.codes:44510 (21:1/121)
  • From Al@21:4/106 to NuSkooler on Friday, December 13, 2019 18:12:24
    Hello NuSkooler,

    How did this finally get implemented? ENiG doesn't provide Bink
    directly but relies on an external tool such as binkd, but if it's
    just TLS that should be pretty easy to proxy. I'd love to have my FTN packets secured :)

    I think the way BinkIT was put together it was ready for this.

    What I have done is add a section to my services.ini like this for a binkps listener..

    [BINKPS]
    Enabled=true
    Port=24555
    Command=binkit.js
    LogLevel=debugging
    Options=TLS

    To send to a binkps ready node it is as simple as adding "BinkpTLS=true" in that node's section of sbbsecho.ini and also be sure the port is set right for the receiver's binkps port.

    Ttyl :-),
    Al

    --- GoldED+/LNX 1.1.5-b20180707
    * Origin: The Rusty MailBox - Penticton, BC Canada (21:4/106)
  • From Al@21:4/106 to NuSkooler on Friday, December 13, 2019 18:58:20
    Hello NuSkooler,

    How did this finally get implemented?

    DM added these features and gave deuce credit for making the TLS support for Synchronet services and JS modules easy.

    ENiG doesn't provide Bink directly but relies on an external tool such
    as binkd, but if it's just TLS that should be pretty easy to proxy.

    Is ENiG written for/with node.js? Hmm.. :)

    I'd love to have my FTN packets secured :)

    I think that is the way we should do things and I'm hoping other developers either are or will be on board and help make it easy for nodes to do this.

    Ttyl :-),
    Al

    --- GoldED+/LNX 1.1.5-b20180707
    * Origin: The Rusty MailBox - Penticton, BC Canada (21:4/106)
  • From NuSkooler@21:1/121 to Al on Saturday, December 14, 2019 10:30:17

    On Friday, December 13th Al muttered...
    DM added these features and gave deuce credit for making the TLS support for Synchronet services and JS modules easy.

    Sorry, I mean what is the technical implementation? Is it simply bink over TLS where a proxy can work?

    On Friday, December 13th Al was heard saying...
    Is ENiG written for/with node.js? Hmm.. :)

    Yes, but I don't currently have plans to write a bink client/server, or at least it's down low on the list behind other features.


    Al around Friday, December 13th...
    I think that is the way we should do things and I'm hoping other developers either are or will be on board and help make it easy for nodes to do this.

    +1!



    --
    NuSkooler
    Xibalba BBS @ xibalba.l33t.codes / 44510(telnet) 44511(ssh)
    ENiGMA 1/2 BBS WHQ | Phenom | 67 | iMPURE | ACiDic
    --- ENiGMA 1/2 v0.0.11-beta (linux; x64; 12.13.1)
    * Origin: Xibalba -+- xibalba.l33t.codes:44510 (21:1/121)
  • From Al@21:4/106 to NuSkooler on Saturday, December 14, 2019 15:43:08
    Hello NuSkooler,

    DM added these features and gave deuce credit for making the TLS
    support for Synchronet services and JS modules easy.

    Sorry, I mean what is the technical implementation? Is it simply bink
    over TLS where a proxy can work?

    There are nodes using binkd in fidonet now but I haven't done this yet. I think
    a proxy is used, stunnel and/or ncat but I haven't tried it yet. I still need to figure out how to apply my cert to binkd and have it listen over TLS.

    There is a lot of chatter and testing currently in the BINKD area and nodes are
    working on all this. The chatter has become too fast and technical for me to follow.

    The default port to be used for TLS I think is 24553.

    Is ENiG written for/with node.js? Hmm.. :)

    Yes, but I don't currently have plans to write a bink client/server,
    or at least it's down low on the list behind other features.

    There is no need to, folks can use binkd and it is a good stable mailer.

    I think that is the way we should do things and I'm hoping other
    developers either are or will be on board and help make it easy
    for nodes to do this.

    +1!

    A healthy discussion is underway now that I hope will continue. Lots of details
    are coming out around all the stuff folks are going to be bumping into. It's looking like self signed certs are going to be frowned on so getting a cert from letsencrypt might be a good idea.

    Ttyl :-),
    Al

    --- GoldED+/LNX 1.1.5-b20180707
    * Origin: The Rusty MailBox - Penticton, BC Canada (21:4/106)
  • From Avon@21:1/101 to Al on Sunday, December 15, 2019 14:01:48
    On 13 Dec 2019 at 04:42p, Al pondered and said...

    There has been a fair bit of talk lately about binkps.

    I have been trying (and failing) to keep up with this thread over multiple echos..

    I see some are using proxies and/or stunnel to do this also with binkd although I have been looking at that it's a bit more involved with
    binkd. I'm just about to get my hands in there and see if I can make a
    go of it.

    Let me know if you'd like to do this between our nodes and we can do some testing.

    I am keen Al but let me have a few days before we test stuff out. I think the idea of securing comms between nodes using this sort of stuff is a good thing also.

    --- Mystic BBS v1.12 A43 2019/03/03 (Windows/32)
    * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)
  • From Al@21:4/106 to Avon on Saturday, December 14, 2019 17:05:52
    Hello Avon,

    There has been a fair bit of talk lately about binkps.

    I have been trying (and failing) to keep up with this thread over
    multiple echos..

    Me too.. I have done nothing at this point. I'm looking at it all and I can't figure out what my next steps are.

    Let me know if you'd like to do this between our nodes and we can
    do some testing.

    I am keen Al but let me have a few days before we test stuff out. I
    think the idea of securing comms between nodes using this sort of
    stuff is a good thing also.

    No hurries at all. I am happy enough that at the moment a number of folks more technical than myself are busy at these details and I'll just wait while it all
    settles.

    It looks at the moment that the default port for binkps is 24553 and also looks
    like self signed certs are going to be frowned upon. I have a cert from letsencrypt for trmb.ca but need to figure out how to use it.

    When I try to work out how to do this it all gets messed up in my head so I think I'll just sleep on it for a day or three.. :)

    Ttyl :-),
    Al

    --- GoldED+/LNX 1.1.5-b20180707
    * Origin: The Rusty MailBox - Penticton, BC Canada (21:4/106)
  • From Ozz Nixon@21:1/144 to Al on Saturday, December 14, 2019 22:06:50
    like self signed certs are going to be frowned upon. I have a cert from

    I run TLS on my systems ~ no certs needed. Certs in today's age is well
    you know...

    Ozz
    --- RyoBBS FTN Tosser/JAM v1.19.10 (Alpha-3)
    * Origin: RyoBBS WHQ (I retired in 2010... this is a hobby) (21:1/144)
  • From apam@21:1/126 to Ozz Nixon on Sunday, December 15, 2019 13:42:39
    like self signed certs are going to be frowned upon. I have a
    cert from

    I run TLS on my systems ~ no certs needed. Certs in today's age is
    well you know...

    How do you use TLS without a certificate? o.O

    Andrew

    --- MagickaBBS v0.13alpha (Linux/x86_64)
    * Origin: HappyLand - telnet://magickabbs.com:2023/ (21:1/126)
  • From Avon@21:1/101 to Al on Sunday, December 15, 2019 19:15:37
    On 14 Dec 2019 at 05:05p, Al pondered and said...

    No hurries at all. I am happy enough that at the moment a number of
    folks more technical than myself are busy at these details and I'll just wait while it all settles.

    It looks at the moment that the default port for binkps is 24553 and
    also looks like self signed certs are going to be frowned upon. I have a cert from letsencrypt for trmb.ca but need to figure out how to use it.


    I see Rob is seeking official designation of this port...

    I just need to make it past the pet loss and nailing HPT in the coming days then I should be good to dive in.

    --- Mystic BBS v1.12 A43 2019/03/03 (Windows/32)
    * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)
  • From Avon@21:1/101 to Ozz Nixon on Monday, December 16, 2019 06:29:42
    Hi Ozz

    Just posting some NET 1 logging of your inbound polling and what BinkD is reporting. It looks like there are two polls to the HUB made at almost the exact same time. One fails as no AKA are available and the other with a different error. See below for info.

    [snip]

    - 16 Dec 06:25:04 [2108] incoming from 107.155.113.11 (38198)
    + 16 Dec 06:25:04 [19168] incoming session with pcboard.bbs.io
    [107.155.113.11]
    - 16 Dec 06:25:04 [19168] SYS RyoBBS WHQ/Dev Support
    - 16 Dec 06:25:04 [19168] ZYZ G.E. Ozz Nixon Jr.
    - 16 Dec 06:25:04 [19168] LOC Crestview, FL USA
    - 16 Dec 06:25:04 [19168] NDL 115200,HO,XX,TCP,ICM,INA,IBN,BINKP,HUB,PING
    - 16 Dec 06:25:04 [19168] TIME Sun, 15 Dec 2019 17:25:05 GMT
    - 16 Dec 06:25:04 [19168] VER RyoBBS.FTN/0.5/Linux64bit binkp/1.1
    - 16 Dec 06:25:04 [19168] OPT MPWD UTF8 NR ND MB CRC
    + 16 Dec 06:25:04 [19168] Remote requests NR mode
    + 16 Dec 06:25:04 [19168] Remote requests ND mode
    - 16 Dec 06:25:04 [19168] PHN ryobbs.com
    - 16 Dec 06:25:04 [19168] OPM * 100% Script Based BinkP Communications
    Program by Ozz Nixon *
    + 16 Dec 06:25:04 [19168] addr: 1:1/123@fidonet (n/a or busy)
    + 16 Dec 06:25:04 [19168] addr: 10:101/15@araknet (n/a or busy)
    + 16 Dec 06:25:04 [19168] addr: 21:1/144@fsxnet
    - 16 Dec 06:25:04 [2108] incoming from 107.155.113.11 (38200)
    + 16 Dec 06:25:04 [19868] incoming session with pcboard.bbs.io
    [107.155.113.11]
    - 16 Dec 06:25:04 [19868] SYS RyoBBS WHQ/Dev Support
    - 16 Dec 06:25:04 [19868] ZYZ G.E. Ozz Nixon Jr.
    - 16 Dec 06:25:04 [19868] LOC Crestview, FL USA
    - 16 Dec 06:25:04 [19868] NDL 115200,HO,XX,TCP,ICM,INA,IBN,BINKP,HUB,PING
    - 16 Dec 06:25:04 [19868] TIME Sun, 15 Dec 2019 17:25:05 GMT
    - 16 Dec 06:25:04 [19868] VER RyoBBS.FTN/0.5/Linux64bit binkp/1.1
    - 16 Dec 06:25:04 [19868] OPT MPWD UTF8 NR ND MB CRC
    + 16 Dec 06:25:04 [19868] Remote requests NR mode
    + 16 Dec 06:25:04 [19868] Remote requests ND mode
    - 16 Dec 06:25:04 [19868] PHN ryobbs.com
    - 16 Dec 06:25:04 [19868] OPM * 100% Script Based BinkP Communications
    Program by Ozz Nixon *
    + 16 Dec 06:25:04 [19868] addr: 1:1/123@fidonet (n/a or busy)
    + 16 Dec 06:25:04 [19868] addr: 10:101/15@araknet (n/a or busy)
    + 16 Dec 06:25:04 [19868] addr: 21:1/144@fsxnet (n/a or busy)
    ? 16 Dec 06:25:04 [19868] Secure AKA 21:1/144@fsxnet busy, drop the session
    + 16 Dec 06:25:04 [19868] done (from 1:1/123@fidonet, failed, S/R: 0/0 (0/0 bytes))
    16 Dec 06:25:04 [19868] session closed, quitting...
    + 16 Dec 06:25:04 [19168] Status is '0000ffd4.mom 10033 1576430320'
    + 16 Dec 06:25:04 [19168] pwd protected session (MD5)
    - 16 Dec 06:25:04 [19168] we are in ND mode
    - 16 Dec 06:25:04 [19168] remote is in ND mode
    + 16 Dec 06:25:04 [19168] sending 0000ffd4.mom as 0000ffd4.mom (10033)
    ? 16 Dec 06:25:04 [19168] rerror: ERR: Command or Block > 32k received, aborting.
    + 16 Dec 06:25:04 [19168] done (from 21:1/144@fsxnet, failed, S/R: 0/0 (0/0 bytes))
    16 Dec 06:25:04 [19168] session closed, quitting...

    [snip]

    Not sure why the need to poll twice at the same time? Perhaps stopping that will help resolve issues?

    Best, Paul

    --- Mystic BBS v1.12 A43 2019/03/03 (Windows/32)
    * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)
  • From NuSkooler@21:1/121 to Ozz Nixon on Sunday, December 15, 2019 11:58:47

    On Saturday, December 14th Ozz Nixon was heard saying...
    I run TLS on my systems ~ no certs needed. Certs in today's age is well you know... Ozz

    Eh? TLS relies on certs and trust (also certs).


    --
    NuSkooler
    Xibalba BBS @ xibalba.l33t.codes / 44510(telnet) 44511(ssh)
    ENiGMA 1/2 BBS WHQ | Phenom | 67 | iMPURE | ACiDic
    --- ENiGMA 1/2 v0.0.11-beta (linux; x64; 12.13.1)
    * Origin: Xibalba -+- xibalba.l33t.codes:44510 (21:1/121)
  • From Oli@21:1/151 to NuSkooler on Tuesday, December 17, 2019 20:32:27
    On Sat, 14 Dec 2019 10:30:17 -0700
    "NuSkooler -> Al" <0@121.1.21> wrote:

    DM added these features and gave deuce credit for making the
    TLS support for Synchronet services and JS modules easy.

    Sorry, I mean what is the technical implementation? Is it simply bink
    over TLS where a proxy can work?

    Yes, you can use a TLS reverse proxy in front of the binkd server, like haproxy, nginx, stunnel.

    For outgoing connections you could use the -pipe parameter with "ncat --ssl" or "openssl s_client"

    (I still prefer binkp over Tor, no certs, incoming connections behind NAT router ...)


    * Origin: REPLY (21:1/151)
  • From Oli@21:1/151 to Al on Tuesday, December 17, 2019 20:44:47
    On Sat, 14 Dec 2019 17:05:52 -0800
    "Al -> Avon" <0@106.4.21> wrote:

    It looks at the moment that the default port for binkps is 24553 and
    also looks like self signed certs are going to be frowned upon. I
    have a cert from letsencrypt for trmb.ca but need to figure out how
    to use it.

    IMHO there is nothing wrong with using self-signed certs for binkps.

    ---
    * Origin: REPLY (21:1/151)
  • From Al@21:4/106 to Oli on Tuesday, December 17, 2019 14:23:26
    Hello Oli,

    It looks at the moment that the default port for binkps is 24553
    and also looks like self signed certs are going to be frowned
    upon. I have a cert from letsencrypt for trmb.ca but need to
    figure out how to use it.

    IMHO there is nothing wrong with using self-signed certs for binkps.

    Agreed. I am going to keep on using the self signed cert that I have at 153/757.2. When I get 153/757 going I am going to try it with a letsencrypt cert, since that's all I have there.

    I hope self signed certs won't be a problem although Synchronet can also import
    a cert from letsencrypt it involves more steps.

    Ttyl :-),
    Al

    --- GoldED+/LNX 1.1.5-b20180707
    * Origin: The Rusty MailBox - Penticton, BC Canada (21:4/106)
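
Added example (not from any poster in this thread, and not Synchronet or binkd code): one way for a node to authenticate a self-signed binkps certificate is to pin its SHA-256 fingerprint per link and flag any later change. The `PinStore` class, the function names and the 21:1/999 address are assumptions made for illustration.

```python
import hashlib
import hmac
import socket
import ssl


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


class PinStore:
    """Maps an FTN address to the certificate fingerprint expected from that node."""

    def __init__(self, pins=None):
        # Accept pins written as 'AA:BB:...' or 'aabb...'.
        self._pins = {addr: pin.replace(":", "").lower()
                      for addr, pin in (pins or {}).items()}

    def check(self, addr: str, der_cert: bytes, trust_first_use: bool = False) -> str:
        """Return 'match', 'mismatch', 'unknown' or 'pinned' for this node's cert."""
        seen = fingerprint(der_cert)
        known = self._pins.get(addr)
        if known is None:
            if trust_first_use:
                # Record the first certificate seen; later changes become 'mismatch'.
                self._pins[addr] = seen
                return "pinned"
            return "unknown"
        # Constant-time comparison of the two hex strings.
        return "match" if hmac.compare_digest(known, seen) else "mismatch"


def fetch_peer_cert(host: str, port: int, timeout: float = 10.0) -> bytes:
    """Complete a TLS handshake and return the peer certificate in DER form.

    CA validation is switched off on purpose: a self-signed certificate has no
    chain to validate, so the caller must pass the result to PinStore.check()
    and drop the session unless it returns 'match'.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be disabled before CERT_NONE is set
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def demo():
    """Run the pin checks on constructed byte strings standing in for DER certs."""
    cert_a, cert_b = b"constructed-cert-A", b"constructed-cert-B"
    store = PinStore()
    return [
        store.check("21:1/999", cert_a),                        # no pin yet
        store.check("21:1/999", cert_a, trust_first_use=True),  # pin recorded
        store.check("21:1/999", cert_a),                        # same cert again
        store.check("21:1/999", cert_b),                        # cert changed
    ]
```

Without a pin or a CA chain the session is encrypted but the peer is not identified by TLS, which leaves the binkp session password as the only authentication.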
  • From Avon@21:1/101 to Ozz Nixon on Monday, December 23, 2019 20:55:06
    Hi Ozz

    Just a heads up that I still see some errors when you're polling in and connecting with BinkD as 1/144

    Here's the last part of a recent log that shows the error

    [snip]

    + 23 Dec 20:50:07 [18288] sending 006ff519.mo0 as 006ff519.mo0 (2651)
    + 23 Dec 20:50:07 [18288] sending
    c:\mystfsx\echomail\out\fidonet\00715f00.mo0 as 00715f00.mo0 (1827)
    ? 23 Dec 20:50:08 [18288] rerror: ERR: Command or Block > 32k received, aborting.
    + 23 Dec 20:50:08 [18288] done (from 21:1/144@fsxnet, failed, S/R: 2/0
    (9107/0 bytes))

    [snip]

    so it looks like some sent fine but an error remains with something you were sending the HUB. I think.. :)

    --- Mystic BBS v1.12 A43 2019/03/03 (Windows/32)
    * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)
  • From Ozz Nixon@21:1/144 to Avon on Monday, December 23, 2019 13:22:37
    On 2019-12-23 20:55:06 +0000, Avon -> Ozz Nixon said:

    Hi Ozz

    Just a heads up that I still see some errors when you're polling in and connecting with BinkD as 1/144

    Here's the last part of a recent log that shows the error

    [snip]

    + 23 Dec 20:50:07 [18288] sending 006ff519.mo0 as 006ff519.mo0 (2651)
    + 23 Dec 20:50:07 [18288] sending c:\mystfsx\echomail\out\fidonet\00715f00.mo0 as 00715f00.mo0 (1827)
    ? 23 Dec 20:50:08 [18288] rerror: ERR: Command or Block > 32k received, aborting.
    + 23 Dec 20:50:08 [18288] done (from 21:1/144@fsxnet, failed, S/R: 2/0 (9107/0 bytes))

    [snip]

    so it looks like some sent fine but an error remains with something you were sending the HUB. I think.. :)

    I think you are reading that backwards...as far as sending. The error
    you are mentioning is the same I am getting with mbcico. Every now and
    then I get a bogus MsgHdr+Len+CMD ... instead of 0x80+small packet len+M_CMD... I get an 0xF?+small packet len+M_CMD which calculates out
    over the 32kb block limit of BinkP protocol.

    I will double check my frame builder routine - and may add a separate
    log just so I can make sure I never exceed the 32kb limit in my calculation(s).

    Thanks for looking though!
    Ozz


    --- Legacy/X NNTP Server v3.1/Linux64
    * Origin: nntp://legacyx-bbs.com:119/ (21:1/144.0)
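
Added example (not Ozz's code or binkd's): a frame builder and a stream reader for the 2-byte binkp frame header discussed above, assuming the FTS-1026 layout in which the top bit marks a command frame and the low 15 bits carry the size. `MAX_COMMAND_SIZE`, the class and function names and the sample session are constructed for illustration.

```python
import struct

T_BIT = 0x8000           # header bit 15: 1 = command frame, 0 = data frame
SIZE_MASK = 0x7FFF       # header bits 14..0: payload size, at most 32767 bytes
MAX_COMMAND_SIZE = 4096  # assumption: local sanity cap on commands, not a spec value
COMMANDS = {0: "M_NUL", 1: "M_ADR", 2: "M_PWD", 3: "M_FILE", 4: "M_OK", 5: "M_EOB",
            6: "M_GOT", 7: "M_ERR", 8: "M_BSY", 9: "M_GET", 10: "M_SKIP"}


class FrameError(ValueError):
    """Raised when a frame cannot be built or the stream looks desynchronised."""


def build_frame(data: bytes, command=None) -> bytes:
    """Return one wire frame; command=None builds a data frame."""
    if command is None:
        body, flag = bytes(data), 0
    else:
        if command not in COMMANDS:
            raise FrameError(f"unknown command id {command}")
        body, flag = bytes([command]) + bytes(data), T_BIT
    if len(body) > SIZE_MASK:
        # Without this check the size would spill into the T bit.
        raise FrameError(f"{len(body)} bytes does not fit the 15-bit size field")
    return struct.pack(">H", flag | len(body)) + body


def decode_header(two_bytes: bytes):
    """Split a 2-byte header into (is_command, size)."""
    (word,) = struct.unpack(">H", two_bytes)
    return bool(word & T_BIT), word & SIZE_MASK


class FrameReader:
    """Reassembles frames from arbitrary TCP/TLS read chunks."""

    def __init__(self):
        self._buf = bytearray()

    def feed(self, chunk: bytes):
        """Add received bytes; return the list of complete frames now available."""
        self._buf += chunk
        frames = []
        while len(self._buf) >= 2:
            is_cmd, size = decode_header(bytes(self._buf[:2]))
            # Commands are short text; a huge "command" means the reader is
            # looking at bytes that are not really a frame header.
            if is_cmd and not 1 <= size <= MAX_COMMAND_SIZE:
                raise FrameError(f"implausible command frame size {size}")
            if len(self._buf) < 2 + size:
                break  # wait for the rest of this frame
            body = bytes(self._buf[2:2 + size])
            del self._buf[:2 + size]
            if is_cmd:
                if body[0] not in COMMANDS:
                    raise FrameError(f"unknown command id {body[0]}")
                frames.append((COMMANDS[body[0]], body[1:]))
            else:
                frames.append(("DATA", body))
        return frames


def demo():
    """Parse a constructed session delivered in awkward 7-byte reads."""
    stream = (build_frame(b"SYS Example BBS", 0)
              + build_frame(b"21:1/999@fsxnet", 1)
              + build_frame(b"\x00" * 300))
    reader, frames = FrameReader(), []
    for i in range(0, len(stream), 7):
        frames += reader.feed(stream[i:i + 7])
    return frames
```

A header of `0x80 0x0A` decodes to a 10-byte command, while `0xF3 0x0A` decodes to a 29450-byte "command", which the reader rejects before waiting for that many bytes.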
  • From Ozz Nixon@21:1/144 to Avon on Monday, December 23, 2019 13:27:27
    On 2019-12-16 06:29:42 +0000, Avon -> Ozz Nixon said:

    Hi Ozz

    Just posting some NET 1 logging of your inbound polling and what BinkD is reporting. It looks like there are two polls to the HUB made at almost the exact same time. One fails as no AKA are available and the other with a different error. See below for info.

    Not sure why the need to poll twice at the same time? Perhaps stopping that will help resolve issues?

    Per my email a couple days ago - I found I had a /etc/crontab and a
    crontab -e ... both files doing the same job about 8 seconds apart. And
    then about a week ago, arcron (whatever that is) just started launching
    crontab jobs every second, until I actually had 300 concurrent polls go
    out to all of my uplinks. Killed it all down, and about 5 to 6 hours
    ago, I relaunched crond. Once I verified that I do not have duplicate
    crontab files ... and I also changed the script they call to touch
    "polling", and remove polling upon complete... first line says if -f fileexists then exit 0. So should be impossible to have that runaway
    situation again ;-)

    --- Legacy/X NNTP Server v3.1/Linux64
    * Origin: nntp://legacyx-bbs.com:119/ (21:1/144.0)
  • From Ozz Nixon@21:1/144 to apam on Monday, December 23, 2019 13:40:51
    On 2019-12-15 13:42:39 +0000, apam -> Ozz Nixon said:


    like self signed certs are going to be frowned upon. I have a
    cert from

    I run TLS on my systems ~ no certs needed. Certs in today's age is
    well you know...

    How do you use TLS without a certificate? o.O

    Easy. TLS can self-negotiate a secure session end to end without cert.
    Cert is a PKI/HTTP requirement, not a TLS encryption requirement. TLS
    will support self-signed certs, so no CA is required. However, certs
    are not required.

    stackexchange:
    Without identification does not mean only without certificates but also
    when you trust just any certificate you get, typically self-signed certificates. Thus, while TLS itself could do encryption without
    certificates, HTTPS requires certificates because this is the only way
    for proper identification in this use case. Nov 20, 2014

    internet-computer-security.com:
    Note, TLS supports authentication and encryption. However you would
    need to use a signed certificate for strong authentication. Without a signed certificate you would only be able to encrypt your email
    messages, there would be no authentication and non-repudiation.

    I have built systems ~ using built-in TLS authentication and encryption
    for over a decade now. None of those systems have been breached. As the
    last post implies - you have encryption, but since it is on-the-fly negotiation you only have authentication based upon Node, IP,
    Session-PW. If you just read (a now web oriented) step by step of how
    to implement OpenSSL's TLS asClient and asServer, the examples out
    there will show you - set cipher, and no PEM files, and voilà - TLS authenticated encryption.

    If you need code samples or a system to bounce against, let me know. I
    use it for SBinkP from my system to a couple others on a private FTN.

    Cheers!
    Ozz

    --- Legacy/X NNTP Server v3.1/Linux64
    * Origin: nntp://legacyx-bbs.com:119/ (21:1/144.0)
  • From Al@21:4/106 to Ozz Nixon on Tuesday, December 24, 2019 00:56:08
    I have built systems ~ using built-in TLS authentication and
    encryption for over a decade now. None of those systems have been breached. As the last post implies - you have encryption, but
    since it is on-the-fly negotiation you only have authentication
    based upon Node, IP, Session-PW. If you just read (a now web
    oriented) step by step of how to implement OpenSSL's TLS asClient
    and asServer, the examples out there will show you - set cipher,
    and no PEM files, and voilà - TLS authenticated encryption.

    Do you have such a thing listening for binkps over TLS?

    I am hoping to start testing this here shortly. Synchronet's BinkIT
    mailer also has support for binkps over TLS recently. I have sent and
    received netmail with a few nodes using binkps/TLS.

    My Synchronet BBSs details:

    Equinox BBS
    1:153/757.2 or 21:4/106.1
    equinoxbbs.ddns.net binkp on 24554 and binkps on 24555

    If you have a node we can test against I'll be happy to do that. I'd just
    need your node #, hostname and port.

    It's important that these different implementations can talk to each
    other.

    Ttyl :-),
    Al

    --- MagickaBBS v0.13alpha (Linux/x86_64)
    * Origin: The Rusty MailBox - Penticton, BC Canada (21:4/106)
  • From Avon@21:1/101 to Ozz Nixon on Thursday, December 26, 2019 10:08:36
    On 23 Dec 2019 at 01:22p, Ozz Nixon pondered and said...

    I think you are reading that backwards...as far as sending. The error

    Ahh OK then..

    I will double check my frame builder routine - and may add a separate
    log just so I can make sure I never exceed the 32kb limit in my calculation(s).
    Thanks for looking though!

    Most welcome :)

    --- Mystic BBS v1.12 A43 2019/03/03 (Windows/32)
    * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)
  • From Avon@21:1/101 to Ozz Nixon on Thursday, December 26, 2019 10:09:50
    On 23 Dec 2019 at 01:27p, Ozz Nixon pondered and said...

    Per my email a couple days ago - I found I had a /etc/crontab and a crontab -e ... both files doing the same job about 8 seconds apart. And then about a week ago, arcron (whatever that is) just started launching crontab jobs every second, until I actually had 300 concurrent polls go out to all of my uplinks. Killed it all down, and about 5 to 6 hours
    ago, I relaunched crond. Once I verified that I do not have duplicate crontab files ... and I also changed the script they call to touch "polling", and remove polling upon complete... first line says if -f fileexists then exit 0. So should be impossible to have that runaway situation again ;-)

    OK thanks. I'll try to keep an eye on logs here but you can see a daily
    report of NET 1 traffic posted in the BOT echo also if you want to check in there :)

    --- Mystic BBS v1.12 A43 2019/03/03 (Windows/32)
    * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)
  • From Oli@21:1/151 to Al on Saturday, December 28, 2019 20:03:58

    Equinox BBS
    1:153/757.2 or 21:4/106.1
    equinoxbbs.ddns.net binkp on 24554 and binkps on
    24555

    If you have a node we can test against I'll be happy
    to do that. I'd just need your node #, hostname and
    port.

    It's important that these different implementations
    can talk to each other.

    unfortunately openssl s_client does not connect to binkit successfully. has someone already filed a bug report?



    * Origin: 🌈 (21:1/151)
  • From Al@21:4/106 to Oli on Saturday, December 28, 2019 12:03:08
    It's important that these different implementations
    can talk to each other.

    unfortunately openssl s_client does not connect to binkit
    successfully. has someone already filed a bug report?

    This has been rolling around in my head. I can't poll 153/757.2 (binkit)
    from 153/757 (binkd) but Tommi did, we exchanged netmail. I'm going to
    ask Tommi if he has any details around that and pass them to DM but I
    want to double check that first.

    Tommi and I are exchanging mail/files over binkps now on 153/757. :)

    Ttyl :-),
    Al

    --- MagickaBBS v0.13alpha (Linux/x86_64)
    * Origin: The Rusty MailBox - Penticton, BC Canada (21:4/106)
  • From Alterego@21:2/116 to Oli on Sunday, December 29, 2019 09:42:13
    Re: binkps
    By: Oli to Al on Sat Dec 28 2019 08:03 pm

    unfortunately openssl s_client does not connect to binkit successfully. has someone already filed a bug report?

    What do you mean?

    I connected with "openssl s_client -showcerts -status -state -host equinoxbbs.ddns.net -port 24555" and I see the BINKP initialisation stuff... ...deon


    ... Let him who takes the plunge remember to return it by Tuesday.
    --- SBBSecho 3.10-Linux
    * Origin: I'm playing with ANSI+videotex - wanna play too? (21:2/116)
  • From Al@21:4/106 to Alterego on Saturday, December 28, 2019 15:15:34
    unfortunately openssl s_client does not connect to binkit
    successfully. has someone already filed a bug report?

    What do you mean?

    I connected with "openssl s_client -showcerts -status -state -host equinoxbbs.ddns.net -port 24555" and I see the BINKP initialisation stuff...

    I can't connect to 153/757.2 running binkit as above, using binkd from
    153/757.

    Do you have a binkd you can try with? Either..

    Equinox BBS
    1:153/757.2
    equinoxbbs.ddns.net
    binkp:24554 or binkps:24555

    The Rusty MailBox
    1:153/757
    trmb.ca
    binkp:24554 or binkps:24553

    If you (or anyone) can let me know of good or bad polls I'd appreciate
    it.

    Ttyl :-),
    Al

    --- MagickaBBS v0.13alpha (Linux/x86_64)
    * Origin: The Rusty MailBox - Penticton, BC Canada (21:4/106)
  • From Alterego@21:2/116 to Al on Sunday, December 29, 2019 11:49:40
    Re: RE: binkps
    By: Al to Alterego on Sat Dec 28 2019 03:15 pm

    Do you have a binkd you can try with? Either..

    No, not in the short term anyway... When I get some time, I'll setup a binkd system and have a try.

    Since I mainly use SBBS, I'm relying on binkit.
    ...deon


    ... Bedfellows make strange politicians.
    --- SBBSecho 3.10-Linux
    * Origin: I'm playing with ANSI+videotex - wanna play too? (21:2/116)
  • From Oli@21:1/151 to Al on Sunday, December 29, 2019 10:56:11
    It's important that these different implementations
    can talk to each other.

    unfortunately openssl s_client does not connect to binkit
    successfully. has someone already filed a bug report?

    This has been rolling around in my head. I can't poll 153/757.2
    (binkit) from 153/757 (binkd) but Tommi did, we exchanged netmail. I'm going to ask Tommi if he has any details around that and pass them to
    DM but I want to double check that first.

    Maybe we use different openssl versions? My guess is that newer openssl don't allow some older SSL / TLS options.


    * Origin: 🌈 (21:1/151)
  • From Oli@21:1/151 to Alterego on Sunday, December 29, 2019 11:01:34

    unfortunately openssl s_client does not connect to binkit
    successfully. has someone already filed a bug report?

    What do you mean?

    I connected with "openssl s_client -showcerts -status -state -host equinoxbbs.ddns.net -port 24555" and I see the BINKP initialisation stuff...
    ...deon

    Which openssl version do you have? Mine is

    $ openssl version
    OpenSSL 1.1.1d 10 Sep 2019



    * Origin: 🌈 (21:1/151)
  • From Al@21:4/106 to Oli on Sunday, December 29, 2019 03:10:26
    This has been rolling around in my head. I can't poll
    153/757.2 (binkit) from 153/757 (binkd) but Tommi did, we
    exchanged netmail. I'm going to ask Tommi if he has any
    details around that and pass them to DM but I want to double
    check that first.

    Maybe we use different openssl versions? My guess is that newer
    openssl don't allow some older SSL / TLS options.

    That could be it. I'll have to ask him. I checked my openssl version
    where Synchronet lives on Slackware 14.2 and it says 1.0.2t, the same
    date as yours but a different version, but it was just updated recently.

    I don't think openssl comes into the picture in that case though, I think
    it is cryptlib that takes care of TLS in Synchronet/BinkIT.

    Ttyl :-),
    Al

    --- MagickaBBS v0.13alpha (Linux/x86_64)
    * Origin: The Rusty MailBox - Penticton, BC Canada (21:4/106)
  • From Alterego@21:2/116 to Oli on Sunday, December 29, 2019 22:57:25
    Re: binkps
    By: Oli to Alterego on Sun Dec 29 2019 11:01 am

    Which openssl version do you have? Mine is

    [deon@d-1-1 ~]$ openssl version
    OpenSSL 1.0.2k-fips 26 Jan 2017

    It also worked from my mac:
    $ openssl version
    LibreSSL 2.8.3
    ...deon


    ... Internal consistency is more highly valued than efficiency.
    --- SBBSecho 3.10-Linux
    * Origin: I'm playing with ANSI+videotex - wanna play too? (21:2/116)
  • From Oli@21:1/151 to Al on Sunday, December 29, 2019 17:08:07

    Maybe we use different openssl versions? My guess is
    that newer openssl don't allow some older SSL / TLS
    options.

    That could be it. I'll have to ask him. I checked my
    openssl version where Synchronet lives on Slackware
    14.2 and it says 1.0.2t, the same date as yours but a
    different version, but it was just updated recently.

    Are you running the binkd client on this system too?

    I don't think openssl comes into the picture in that
    case though, I think it is cryptlib that takes care
    of TLS in Synchronet/BinkIT.

    true, binkit doesn't use the openssl lib, but it has to talk to openssl over the wire. there might be some incompatibilities between recent openssl versions
    and cryptlib.



    * Origin: 🌈 (21:1/151)
  • From Oli@21:1/151 to Alterego on Sunday, December 29, 2019 17:42:31

    Re: binkps
    By: Oli to Alterego on Sun Dec 29 2019 11:01 am

    Which openssl version do you have? Mine is

    [deon@d-1-1 ~]$ openssl version
    OpenSSL 1.0.2k-fips 26 Jan 2017

    or maybe it is the default configuration set by the distribution.

    https://wiki.debian.org/ContinuousIntegration/TriagingTips/openssl-1.1.1



    * Origin: 🌈 (21:1/151)