Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Re: SSL connection timeouts

0 views
Skip to first unread message

Toon van der Pas

unread,
Mar 23, 2005, 4:44:30 PM3/23/05
to
On Wed, Mar 16, 2005 at 12:58:17PM +0800, Patrick Clohessy wrote:
> Hi All
>
> I have recently moved over to using SSL for my news server. This has
> worked succesfully but I have encountered a odd problem.
>
> Using Mozilla Mail or Thunderbird under Linux, if I reply to a child
> post there is a connection timeout and the mail client just pauses
> without acknowlegding the post. However the post will eventually appear
> a few minutes later. I can post a new article or reply to a parent
> article just fine. This doesn't appear to be a user specific problem as
> it occurs to all users (over 1000).
>
> This problem does not occur using the same version of Mozilla Mail and
> Thunderbird under Windows XP, or using pine under Linux. It also works
> fine under Linux if I connect to the non SSL news server.
>
> I'm using Fedora Core 3 for the news server (inn 2.4.1) and the client
> software is on Fedora Core 3 as well. The news server is started using
> "nnrpd -D -S -p 563 &"
>
> Has anyone else encountered this problem? Does it sound more like a
> Mozilla/Thunderbird problem than a news server problem?

Hi,

I can confirm your problem.
We are running an usenet news server, where we allow users to connect
directly and without any form of authentication and encryption from
within our network, but force users to connect via SSL and
authenticate themselves from the outside.

Mozilla will hang when posting messages via an SSL-encrypted link.
It doesn't happen always. It appears to happen when writing the message
takes a little while. When the message is written and sent quickly,
mozilla doesn't hang.

We are running inn-STABLE-20041230, but the problem was there with
earlier versions also.

Regards,
Toon.
--
"Debugging is twice as hard as writing the code in the first place.
Therefore, if you write the code as cleverly as possible, you are,
by definition, not smart enough to debug it." - Brian W. Kernighan

Sebastian Wiesinger

unread,
Mar 24, 2005, 3:55:32 AM3/24/05
to
* Toon van der Pas <to...@hout.vanvergehaald.nl> [2005-03-23 22:43]:

> I can confirm your problem.
> We are running an usenet news server, where we allow users to connect
> directly and without any form of authentication and encryption from
> within our network, but force users to connect via SSL and
> authenticate themselves from the outside.
>
> Mozilla will hang when posting messages via an SSL-encrypted link.
> It doesn't happen always. It appears to happen when writing the message
> takes a little while. When the message is written and sent quickly,
> mozilla doesn't hang.
>
> We are running inn-STABLE-20041230, but the problem was there with
> earlier versions also.

I can confirm this Problem with INN 2.4.2 and slrn. If I connect and
try to post, slrn just hangs until I kill it. At the moment I use
stunnel as a workaround(posting works fine) but I would like to see
that problem fixed, too. IP-Based authentication does not work with
stunnel because everyone connects to nnrpd from localhost.

Regards,

Sebastian

--
GPG Key-ID: 0x76B79F20 (0x1B6034F476B79F20)
Wehret den Anfaengen: http://odem.org/informationsfreiheit/
Thunder rolled. ... It rolled a six.
--Terry Pratchett, Guards! Guards!

Bill Tangren

unread,
Mar 24, 2005, 10:06:24 AM3/24/05
to
Toon van der Pas wrote:
> On Wed, Mar 16, 2005 at 12:58:17PM +0800, Patrick Clohessy wrote:
>
>>Hi All
>>
>>I have recently moved over to using SSL for my news server. This has
>>worked succesfully but I have encountered a odd problem.
>>
>>Using Mozilla Mail or Thunderbird under Linux, if I reply to a child
>>post there is a connection timeout and the mail client just pauses
>>without acknowlegding the post. However the post will eventually appear
>>a few minutes later. I can post a new article or reply to a parent
>>article just fine. This doesn't appear to be a user specific problem as
>>it occurs to all users (over 1000).
>>
>>This problem does not occur using the same version of Mozilla Mail and
>>Thunderbird under Windows XP, or using pine under Linux. It also works
>>fine under Linux if I connect to the non SSL news server.
>>
>>I'm using Fedora Core 3 for the news server (inn 2.4.1) and the client
>>software is on Fedora Core 3 as well. The news server is started using
>>"nnrpd -D -S -p 563 &"
>>
>>Has anyone else encountered this problem? Does it sound more like a
>>Mozilla/Thunderbird problem than a news server problem?
>
>
> Hi,
>
> I can confirm your problem.
> We are running an usenet news server, where we allow users to connect
> directly and without any form of authentication and encryption from
> within our network, but force users to connect via SSL and
> authenticate themselves from the outside.
>
> Mozilla will hang when posting messages via an SSL-encrypted link.
> It doesn't happen always. It appears to happen when writing the message
> takes a little while. When the message is written and sent quickly,
> mozilla doesn't hang.
>
> We are running inn-STABLE-20041230, but the problem was there with
> earlier versions also.
>
> Regards,
> Toon.

Would you be willing to post what you have in your readers.conf? I am
trying to set up in exactly the same way.

but I have been unsuccessful so far, because the connection times out.
For me though, it times out when I try to get a list of messages in a
group after I have subscribed. I can't get so far as trying to post a
message.

I wasn't aware that mozilla was having a problem with secure connections
to inn 2.4.1. I will have to try with another type of client and see if
I can make any progress that way.

Bill Tangren

Toon van der Pas

unread,
Mar 25, 2005, 7:26:03 PM3/25/05
to
On Thu, Mar 24, 2005 at 10:01:45AM -0500, Bill Tangren wrote:
>
> Would you be willing to post what you have in your readers.conf? I
> am trying to set up in exactly the same way.
>
> but I have been unsuccessful so far, because the connection times
> out. For me though, it times out when I try to get a list of
> messages in a group after I have subscribed. I can't get so far as
> trying to post a message.
>
> I wasn't aware that mozilla was having a problem with secure
> connections to inn 2.4.1. I will have to try with another type of
> client and see if I can make any progress that way.

Here you go:

auth "radius" {
hosts: "*"
auth: "radius -f /usr/local/news/etc/radius.conf"
require_ssl: true
}

access "radius_users" {
users: "*"
newsgroups: "*"
newsmaster: "newsm...@hobby.nl"
localtime: true
clienttimeout: "1800"
}

access "failed_users" {
reject_with: "You need to be correctly authenticated to use this server from outside Hobbynet en HCCnet."
users: "<FAIL>@*"
newsmaster: "newsm...@hobby.nl"
localtime: true

0 new messages