accessing TLS/SSL services, including snews://

Ivan Shmakov

Sep 18, 2012, 6:39:12 AM
>>>>> John F Morse <jo...@example.invalid> writes:

[Cross-posting to and
news:comp.protocols.misc, just in case. Please omit the latter
when replying, unless the intent is to discuss the Telnet


> The OP simply asked "how to post from the command line" and I
> provided one solution: telnet.

May I remind you that the Telnet protocol has its own control
sequences, and may be unsuitable for, e. g., transferring
arbitrary binary data? Arguably, a Netcat tool, such as nc6(1),
or OpenBSD nc(1), would be a better fit.

(For that reason, the hosts under my control rarely provide the
telnet(1) client.)

> You provided another: openssl.

Let me provide the third: gnutls-cli(1). Consider, e. g. (line
wrapping by me), the following session.

$ gnutls-cli -p 563
Resolving ''...
Connecting to ''...
- Certificate type: X.509
- Got a certificate list of 1 certificates.
- Certificate[0] info:
- subject `C=US,ST=NY,L=New_York,
O=PANIX Public Access Networks Usenet News Servers,OU=news,,',
issuer `C=US,ST=NY,L=New_York,
O=PANIX Public Access Networks Usenet News Servers,OU=news,
CN=PANIX Public Access Networks Usenet News Servers CA,',

[... Arguably, they should use a certificate signed by a
recognized trusted party, such as, e. g.,]

RSA key 2048 bits, signed using RSA-SHA,
activated `2012-01-20 19:20:16 UTC',
expires `2022-01-17 19:20:16 UTC',
SHA-1 fingerprint `e588294d02985ea671e2c2a7e84f23c524b755bc'
- The hostname in the certificate matches ''.
- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
- Version: TLS1.0
- Key Exchange: RSA
- Cipher: AES-128-CBC
- Compression: NULL
- Handshake was completed

- Simple Client Mode:

200 InterNetNews NNRP server INN 2.3.3 ready (posting ok).
205 .
- Peer has closed the GNUTLS connection

> I realize the Subject includes "snews" and telnet is not usable for
> SSL/TLS without a helper, like Stunnel.

I still don't get how using two TCP connections (Netcat or
Telnet to Stunnel, and Stunnel to TLS/SSL server) could be
better than using a single one (openssl or gnutls-cli to TLS/SSL


FSF associate member #7257
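
Added example, not part of the original post: the session quoted above completes the handshake even though gnutls-cli reports the certificate as NOT trusted, so a script driving such a session should check the reported status before sending anything. The helper name `audit_transcript` and the pinning policy are assumptions made for this sketch; the sample lines are constructed from the status lines in the quoted session, and a pin is assumed to have been obtained out of band.

```python
import re

# Constructed sample: status lines as printed in the session quoted above.
SAMPLE = """\
 SHA-1 fingerprint `e588294d02985ea671e2c2a7e84f23c524b755bc'
- The hostname in the certificate matches ''.
- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
- Version: TLS1.0
- Key Exchange: RSA
- Cipher: AES-128-CBC
- Handshake was completed
"""

FIELD = re.compile(r"^- (Version|Key Exchange|Cipher): (.+)$", re.M)
FPR = re.compile(r"SHA-1 fingerprint `([0-9a-fA-F]{40})'")


def audit_transcript(text, pinned_sha1=None):
    """Decide whether a scripted session may proceed (hypothetical helper).

    Returns a dict with 'ok', blocking 'errors', advisory 'warnings' and the
    negotiated parameters parsed from the transcript.
    """
    params = dict(FIELD.findall(text))
    m = FPR.search(text)
    fpr = m.group(1).lower() if m else None
    pin = pinned_sha1.replace(":", "").lower() if pinned_sha1 else None
    errors, warnings = [], []

    if "Handshake was completed" not in text:
        errors.append("handshake did not complete")
    if pin is not None and fpr != pin:
        errors.append("fingerprint does not match pin")
    if "certificate is NOT trusted" in text:
        if pin is None:
            errors.append("certificate not trusted and no pin supplied")
        elif fpr == pin:
            warnings.append("untrusted chain accepted via pinned fingerprint")
    if params.get("Version") in ("SSL3.0", "TLS1.0", "TLS1.1"):
        warnings.append("legacy protocol version " + params["Version"])
    if params.get("Key Exchange") == "RSA":
        warnings.append("RSA key exchange gives no forward secrecy")
    return {"ok": not errors, "errors": errors, "warnings": warnings,
            "fingerprint": fpr, **params}


if __name__ == "__main__":
    print(audit_transcript(SAMPLE))
```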