• Testing SSL 1/100

    From Avon@21:1/101 to All on Mon Mar 2 02:04:02 2020
    I have set 1/100 HUB BinkP up as follows

    Active        │ Yes          Force CRAM-MD5 │ No
    ID            │ BINKP        Allow UnSecure │ Yes
    Adapter Type  │ IPV4+IPV6    File Conflicts │ Rename
    IPV4 Adapter  │ 0.0.0.0
    IPV6 Adapter  │ ::
    Port          │ 24556
    Max Allowed   │ 10
    Auto IP Ban   │ 0 in 0 secs
    Country Block │ No
    Send Blocked  │ No
    Time Out      │ 30
    SSL Port      │ 24553

    When I fire up the HUB MIS I see

    --------------------- Mystic v1.12 A46 2020/03/01 Sun, Mar 01 2020 (loglevel 2)
    + 2020.03.01 21:00:07 MANAGER Starting event system
    + 2020.03.01 21:00:07 MANAGER Starting 1 server(s)
    + 2020.03.01 21:00:07 EVENT Starting 4 event(s)
    + 2020.03.01 21:00:07 BINKP Listening on IPV4 port 24556 using interface "0.0.0.0"
    + 2020.03.01 21:00:07 BINKP Listening on IPV4 SSL port 24553 using interface "0.0.0.0"
    + 2020.03.01 21:00:07 BINKP Listening on IPV6 port 24556 using interface "::"
    + 2020.03.01 21:00:07 BINKP Listening on IPV6 SSL port 24553 using interface "::"

    Testing with another current copy of the Mystic pre-alpha and using an
    internal poll to the 1/100 MIS server I am unable to get a connection with
    the server on port 24553.

    On my test system if I just define the local IP of the HUB and don't state a port in the BinkP Hostname and set SSL to Yes I get this in the test system logs.

    --------------------- POLL v1.12 A46 2020/03/01 Sun, Mar 01 2020 (loglevel 2)
    + 2020.03.01 20:52:28 Poll BINKP node via address lookup: 21:1/100
    + 2020.03.01 20:52:28 1-Polling 21:1/100 on slot 1 via BINKP
    + 2020.03.01 20:52:28 1-Connecting to 192.168.2.110 on port 24553
    + 2020.03.01 20:52:32 1-Unable to connect
    + 2020.03.01 20:52:33 Polled 1 systems

    and I see no activity at 1/100 on the Messages screen

    If I set the test system to have a BinkP Hostname of 192.168.2.110:24553 and set SSH to Yes I see this in the test system logs

    --------------------- POLL v1.12 A46 2020/03/01 Sun, Mar 01 2020 (loglevel 2)
    + 2020.03.01 20:47:26 Poll BINKP node via address lookup: 21:1/100
    + 2020.03.01 20:47:26 1-Polling 21:1/100 on slot 1 via BINKP
    + 2020.03.01 20:47:26 1-Connecting to 192.168.2.110 on port 24553
    + 2020.03.01 20:47:26 1-Connected by IPV4 to 192.168.2.110
    + 2020.03.01 20:47:27 1-Connection lost
    + 2020.03.01 20:47:27 1-Authorization failed
    + 2020.03.01 20:47:27 Polled 1 systems

    I still see no activity on the HUB messages screen.

    If I use an external port tester I can check port 24554 and see something on the HUB screen as the test packet arrives and the web tool reports the port is open.

    If I repeat this using 24553 the web tool reports the port is open but the HUB screen does not show any incoming test packet.

    g00r00 - as an aside MIS POLL [node] when [node] is set to SSL yes will poll 24553 but if I use the current Fidopoll it still points to 24555 ... just an FYI

    If anyone can connect to 24553 please let me know :)

    --- Mystic BBS v1.12 A46 2020/02/29 (Windows/32)
    * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)
  • From g00r00@21:1/108 to Avon on Sun Mar 1 20:14:13 2020
    I still see no activity on the HUB messages screen.

    I will check into this right away. On the plus side all of my initial tests
    for [EchoNodeTracker] were a success so once I get done investigating
    whatever is going on with the SSL I will repackage everything.

    --- Mystic BBS v1.12 A46 2020/03/01 (Windows/64)
    * Origin: Sector 7 (21:1/108)
  • From Avon@21:1/101 to g00r00 on Mon Mar 2 02:16:53 2020
    On 01 Mar 2020 at 03:14p, g00r00 pondered and said...


    I will check into this right away. On the plus side all of my initial tests for [EchoNodeTracker] were a success so once I get done investigating whatever is going on with the SSL I will repackage everything.

    Thanks... I'm fairly sure I have things set correct here but not being able
    to see any activity in MIS messages screen for 24553 or in the logging
    mis.txt makes me suspicious something is not right.

    --- Mystic BBS v1.12 A46 2020/02/29 (Windows/32)
    * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)
  • From Avon@21:1/101 to g00r00 on Mon Mar 2 02:19:46 2020
    On 01 Mar 2020 at 03:14p, g00r00 pondered and said...

    I will check into this right away. On the plus side all of my initial tests for [EchoNodeTracker] were a success so once I get done investigating whatever is going on with the SSL I will repackage everything.

    To confirm I also need the cl32.dll and cl64.dll?

    I do have those installed in the HUB and they are version 3.4.4.1

    Nothing shows on startup logging about anything to do with SSL but from memory that only shows as an error when those files are not present?

    --- Mystic BBS v1.12 A46 2020/02/29 (Windows/32)
    * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)
  • From Al@21:4/106 to Avon on Sun Mar 1 05:19:32 2020
    Hello Avon,

    Thanks... I'm fairly sure I have things set correct here but not being able to see any activity in MIS messages screen for 24553 or in the logging mis.txt makes me suspicious something is not right.

    I just tried to poll your node with binkd and this is the result..


    === Cut ===
    01 Mar 00:14:22 [23159] BEGIN, binkd/1.1a-101/Linux -pP 21:1/100 /usr/local/etc/binkd.conf
    01 Mar 00:14:22 [23159] creating a poll for 21:1/100@fsxnet (`d' flavour)
    01 Mar 00:14:22 [23159] clientmgr started
    + 01 Mar 00:14:22 [23160] call to 21:1/100@fsxnet
    + 01 Mar 00:14:22 [23160] External command 'openssl s_client -quiet -alpn binkp -connect agency.bbs.nz:24553' started, pid 23161
    01 Mar 00:14:22 [23160] connected
    + 01 Mar 00:14:22 [23160] outgoing session with agency.bbs.nz:24553
    ? 01 Mar 00:14:25 [23160] recv: connection closed by foreign host
    + 01 Mar 00:14:25 [23160] done (to 21:1/100@fsxnet, failed, S/R: 0/0 (0/0 bytes))
    01 Mar 00:14:25 [23160] session closed, quitting...
    === Cut ===

    Ttyl :-),
    Al

    --- GoldED+/LNX 1.1.5-b20180707
    * Origin: The Rusty MailBox - Penticton, BC Canada (21:4/106)
  • From Al@21:4/106 to Avon on Sun Mar 1 05:23:48 2020
    Hello Avon,

    Thanks... I'm fairly sure I have things set correct here but not being able to see any activity in MIS messages screen for 24553 or in the logging mis.txt makes me suspicious something is not right.

    I forgot to mention last time, my node is listening for binkps on port 24553. Anyone who would like to can feel free to test against my node.

    binkp://trmb.ca:24554
    binkps://trmb.ca:24553

    Ttyl :-),
    Al

    --- GoldED+/LNX 1.1.5-b20180707
    * Origin: The Rusty MailBox - Penticton, BC Canada (21:4/106)
  • From Avon@21:1/101 to Al on Mon Mar 2 02:28:09 2020
    On 01 Mar 2020 at 12:23a, Al pondered and said...

    I forgot to mention last time, my node is listening for binkps on port 24553. Anyone who would like to can feel free to test against my node.

    binkp://trmb.ca:24554
    binkps://trmb.ca:24553

    OK will try shortly Al.

    --- Mystic BBS v1.12 A46 2020/02/29 (Windows/32)
    * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)
  • From Avon@21:1/101 to Al on Mon Mar 2 02:34:25 2020
    On 01 Mar 2020 at 12:23a, Al pondered and said...

    I forgot to mention last time, my node is listening for binkps on port 24553. Anyone who would like to can feel free to test against my node.

    binkp://trmb.ca:24554
    binkps://trmb.ca:24553

    Hmmm because I don't have you defined as an echomail node at 1/100 I can't just test this Binkps. As polling you via MIS POLL 21:4/102 is just doing a nodelist lookup and (in this case) using IPV6 to poll you

    --------------------- POLL v1.12 A46 2020/03/01 Sun, Mar 01 2020 (loglevel 2)
    + 2020.03.01 21:31:03 Poll BINKP node via address lookup: 21:4/106
    + 2020.03.01 21:31:03 1-Polling 21:4/106 on slot 1 via BINKP
    + 2020.03.01 21:31:04 1-Connecting to trmb.ca on port 24554
    + 2020.03.01 21:31:04 1-Connected by IPV6 to 2600:3C04::F03C:92FF:FE69:8DB0
    + 2020.03.01 21:31:05 1-System The Rusty MailBox
    + 2020.03.01 21:31:05 1-SysOp Alan Ianson
    + 2020.03.01 21:31:05 1-Location Penticton, BC Canada
    + 2020.03.01 21:31:05 1-Info NDL 115200,CM,XW,IBN
    + 2020.03.01 21:31:05 1-Info TIME Sun, 1 Mar 2020 00:31:06 -0800
    + 2020.03.01 21:31:05 1-Mailer binkd/1.1a-101/Linux binkp/1.1
    + 2020.03.01 21:31:05 1-Info TRF 0 0
    + 2020.03.01 21:31:05 1-Session ended (0 sent, 0 rcvd, 0 skip)
    + 2020.03.01 21:31:06 Polled 1 systems

    Should I be noting your SSH server somehow in the nodelist? I'm not even sure if Mystic would find it if I did? Anywho as an aside it makes for an interesting thought about how to best capture such things..

    I could set you up at 1/100 using the same session details we have in place
    for 1/10 .. would that be a plan?

    --- Mystic BBS v1.12 A46 2020/02/29 (Windows/32)
    * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)
  • From Al@21:4/106 to Avon on Sun Mar 1 05:40:46 2020
    Hello Avon,

    Should I be noting your SSH server somehow in the nodelist? I'm not
    even sure if Mystic would find it if I did? Anywho as an aside it
    makes for an interesting thought about how to best capture such
    things..

    I'm not sure there is a way to do that since binkps is not part of the bigger plan at this point. But yes you can feel free to do that. I plan to leave the binkps listener in place on port 24553.

    I could set you up at 1/100 using the same session details we have in place for 1/10 .. would that be a plan?

    I have done that now..

    Ttyl :-),
    Al

    --- GoldED+/LNX 1.1.5-b20180707
    * Origin: The Rusty MailBox - Penticton, BC Canada (21:4/106)
  • From g00r00@21:1/108 to Avon on Sun Mar 1 20:44:03 2020
    To confirm I also need the cl32.dll and cl64.dll?

    Yes you will need them, and it should bitch and moan if it can't find them
    when you have some SSL stuff configured (maybe?) lol

    But the issue isn't on your end. When I was trying to fix something in Linux earlier I broke something in Windows.

    I just uploaded a new version which looks to fix Windows SSL. I have yet to
    test on Linux with it. But you should be good to upgrade to that. And
    it also tweaks the "Crash error" tracking which was too aggressive.

    --- Mystic BBS v1.12 A46 2020/03/01 (Windows/64)
    * Origin: Sector 7 (21:1/108)
  • From g00r00@21:1/108 to Al on Sun Mar 1 20:58:12 2020
    I just tried to poll your node with binkd and this is the result..

    I had things blown up. If you have some time give it another go now and see what happens. It just worked for me (using Mystic not BINKD) via SSL.

    --- Mystic BBS v1.12 A46 2020/03/01 (Windows/64)
    * Origin: Sector 7 (21:1/108)
  • From Avon@21:1/101 to g00r00 on Mon Mar 2 02:58:21 2020
    On 01 Mar 2020 at 03:44p, g00r00 pondered and said...

    But the issue isn't on your end. When I was trying to fix something in Linux earlier I broke something in Windows.

    I just uploaded a new version which looks to fix Windows SSL. I have yet
    to test on Linux with it. But you should be good to upgrade to
    that. And it also tweaks the "Crash error" tracking which was too aggressive.

    Yep that has things working between test system on the same PC as the HUB system using Windows 32 bit. Thanks :)

    From the test system


    --------------------- POLL v1.12 A46 2020/03/01 Sun, Mar 01 2020 (loglevel 2)
    + 2020.03.01 21:52:31 Poll BINKP node via address lookup: 21:1/100
    + 2020.03.01 21:52:31 1-Polling 21:1/100 on slot 1 via BINKP
    + 2020.03.01 21:52:31 1-Connecting to 192.168.2.110 on port 24553
    + 2020.03.01 21:52:32 1-Connected by IPV4 SSL to 192.168.2.110
    + 2020.03.01 21:52:32 1-System fsxHUB Risa [NET1]
    + 2020.03.01 21:52:32 1-SysOp Avon
    + 2020.03.01 21:52:32 1-Info TIME Sun, 01 Mar 2020 21:52:32 +1300
    + 2020.03.01 21:52:32 1-Mailer Mystic/1.12A46 binkp/1.0
    + 2020.03.01 21:52:32 1-Info BUILD 2020/03/01 15:36:07 Windows/32
    + 2020.03.01 21:52:32 1-Remote Queue: 1 files 40,325 bytes
    + 2020.03.01 21:52:33 1-Receiving: 0000fc81.su2 (40,325 bytes)
    + 2020.03.01 21:52:33 1-Session ended (0 sent, 1 rcvd, 0 skip)
    + 2020.03.01 21:52:34 Polled 1 systems

    Interestingly the 1/100 logging does not show that it's an incoming SSL connect.

    + 2020.03.01 21:52:32 BINKP 1-HostName AGENCY
    + 2020.03.01 21:52:32 BINKP 1-System Wingatui Estate
    + 2020.03.01 21:52:32 BINKP 1-SysOp Avon
    + 2020.03.01 21:52:32 BINKP 1-Info TIME Sun, 01 Mar 2020 21:52:32 +1300
    + 2020.03.01 21:52:32 BINKP 1-Mailer Mystic/1.12A46 binkp/1.0
    + 2020.03.01 21:52:32 BINKP 1-Info BUILD 2020/03/01 15:36:07 Windows/32
    + 2020.03.01 21:52:32 BINKP 1-Authenticating 21:1/995@fsxnet by CRAM-MD5
    + 2020.03.01 21:52:32 BINKP 1-Queued 1 files for 21:1/995@fsxnet
    + 2020.03.01 21:52:32 BINKP 1-Sending: 0000fc81.su2 (40,325 bytes)
    + 2020.03.01 21:52:32 BINKP 1-Remote Queue: 0 files 0 bytes
    + 2020.03.01 21:52:33 BINKP 1-Session ended (1 sent, 0 rcvd, 0 skip)

    Perhaps that's something that could be added?

    --- Mystic BBS v1.12 A46 2020/02/29 (Windows/32)
    * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)
  • From alter ego@21:2/116 to Avon on Mon Mar 2 00:57:55 2020
    Re: Testing SSL 1/100
    By: Avon to All on Sun Mar 01 2020 09:04 pm

    If anyone can connect to 24553 please let me know :)

    If you want another system to test with l.dlcm.co:24553 (it's 2/116).

    If I can remember how to make SBBS poll outbound on SSL, I'll configure the Hub 3 to do it.
    ...deon


    ... A group of the unfit appointed by the unwilling to do the necessary.
    --- SBBSecho 3.10-Linux
    * Origin: I'm playing with ANSI+videotex - wanna play too? (21:2/116)
  • From g00r00@21:1/108 to Avon on Sun Mar 1 21:00:20 2020
    Interestingly the 1/100 logging does not show that it's an incoming SSL connect.

    Yeah I should probably add that as I did to the MIS POLL client. Noted,
    thank you!

    --- Mystic BBS v1.12 A46 2020/03/01 (Windows/64)
    * Origin: Sector 7 (21:1/108)
  • From Al@21:4/106 to g00r00 on Sun Mar 1 06:28:52 2020
    Hello g00r00,

    I just tried to poll your node with binkd and this is the
    result..

    I had things blown up. If you have some time give it another go now
    and see what happens. It just worked for me (using Mystic not BINKD)
    via SSL.

    I'm getting a connect now but a failed session..


    === Cut ===
    + 01 Mar 01:22:56 [24982] call to 21:1/100@fsxnet
    + 01 Mar 01:22:56 [24982] External command 'openssl s_client -quiet -alpn binkp -connect agency.bbs.nz:24553' started, pid 24983
    01 Mar 01:22:56 [24982] connected
    + 01 Mar 01:22:56 [24982] outgoing session with agency.bbs.nz:24553
    ? 01 Mar 01:23:00 [24982] recv: connection closed by foreign host
    + 01 Mar 01:23:00 [24982] holding 21:1/100@fsxnet (2020/03/01 04:23:00)
    + 01 Mar 01:23:00 [24982] done (to 21:1/100@fsxnet, failed, S/R: 0/0 (0/0 bytes))
    01 Mar 01:23:00 [24982] session closed, quitting...
    === Cut ===


    It's not logged in binkd.log but I see this on my screen, from the above openssl command I think..

    verify error:num=66:EE certificate key too weak

    I might be able to adjust that openssl command.

    Ttyl :-),
    Al

    --- GoldED+/LNX 1.1.5-b20180707
    * Origin: The Rusty MailBox - Penticton, BC Canada (21:4/106)
  • From g00r00@21:1/108 to Al on Sun Mar 1 22:51:27 2020
    I'm getting a connect now but a failed session..

    Mystic does use a pretty low keysize for max compatibility but it's probably time to change that. I'm sure you could configure your tunnel to still work but ideally I should probably just change it on the Mystic side.

    --- Mystic BBS v1.12 A46 2020/03/01 (Windows/64)
    * Origin: Sector 7 (21:1/108)
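
The Mystic POLL logs quoted in this thread show three different outcomes against port 24553: no connection, a connection that drops, and a completed SSL session. The script below is an added example, not part of the thread and not Mystic code; it groups such lines per poll and flags polls that reached the SSL port without an SSL marker on the "Connected by" line. The sample lines are copied from the posts above; the function names and outcome labels are assumptions of this example.

```python
import re

# Sample: lines copied from the three POLL attempts quoted in the thread.
SAMPLE = """\
+ 2020.03.01 20:52:28 1-Polling 21:1/100 on slot 1 via BINKP
+ 2020.03.01 20:52:28 1-Connecting to 192.168.2.110 on port 24553
+ 2020.03.01 20:52:32 1-Unable to connect
+ 2020.03.01 20:47:26 1-Polling 21:1/100 on slot 1 via BINKP
+ 2020.03.01 20:47:26 1-Connecting to 192.168.2.110 on port 24553
+ 2020.03.01 20:47:26 1-Connected by IPV4 to 192.168.2.110
+ 2020.03.01 20:47:27 1-Connection lost
+ 2020.03.01 20:47:27 1-Authorization failed
+ 2020.03.01 21:52:31 1-Polling 21:1/100 on slot 1 via BINKP
+ 2020.03.01 21:52:31 1-Connecting to 192.168.2.110 on port 24553
+ 2020.03.01 21:52:32 1-Connected by IPV4 SSL to 192.168.2.110
+ 2020.03.01 21:52:32 1-System fsxHUB Risa [NET1]
+ 2020.03.01 21:52:33 1-Session ended (0 sent, 1 rcvd, 0 skip)
"""

# "+ <date> <time> <slot>-<message>", the POLL log layout seen in the thread.
LINE = re.compile(r"^[ \t]*\+ (\S+ \S+) \d+-(.*?)[ \t\r]*$", re.M)

def triage(log_text):
    """Group log lines per poll; the outcome labels are this example's own."""
    polls, cur = [], None
    for ts, msg in LINE.findall(log_text):
        if msg.startswith("Polling "):
            cur = {"node": msg.split()[1], "start": ts, "port": None,
                   "ssl": False, "outcome": "incomplete"}
            polls.append(cur)
        elif cur is None:
            continue  # line seen before any "Polling" line
        elif msg.startswith("Connecting to "):
            cur["port"] = int(msg.rsplit(" ", 1)[1])
        elif msg.startswith("Connected by "):
            cur["ssl"], cur["outcome"] = " SSL " in msg, "connected"
        elif msg == "Unable to connect":
            cur["outcome"] = "tcp-connect-failed"
        elif msg in ("Connection lost", "Authorization failed"):
            cur["outcome"] = "dropped"
        elif msg.startswith("Session ended"):
            cur["outcome"] = "session-ok"
    return polls

def no_ssl_marker(polls, ssl_port=24553):
    """Polls that connected to the SSL port but were not logged as SSL."""
    return [p for p in polls if p["port"] == ssl_port and not p["ssl"]
            and p["outcome"] != "tcp-connect-failed"]
```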