Both GnuTLS and OpenSSL can connect to said server without slrn in the way.
openssl s_client -connect secure-us.news.easynews.com:8000 CONNECTED(00000003) depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3 verify return:1 depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 verify return:1 depth=0 CN = news.easynews.com verify return:1 --- Certificate chain 0 s:CN = news.easynews.com i:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 1 s:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 i:O = Digital Signature Trust Co., CN = DST Root CA X3 --- Server certificate -----BEGIN CERTIFICATE----- MIIKCzCCCPOgAwIBAgISAxh2BKBc4Tk6oSjofm6Fe9QuMA0GCSqGSIb3DQEBCwUA MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0yMDA3MTIyMTAwNTJaFw0y MDEwMTAyMTAwNTJaMBwxGjAYBgNVBAMTEW5ld3MuZWFzeW5ld3MuY29tMIICIjAN BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAs88/6aBieUZLdZPChQdMZxMHaa3v IOg7gLB+VQp3R2NS74SVx4bKQm5h5qpAqDiFAl4w4rHW+7Z2Gb1+gVFaYkZPbhEp HfKlsDTv54OE0FlrPDjWFCSOx0qTgCQ5wkxPAb8JLhzS+OACn/xNk10/B1vp/PVO yAcdRRzJzHE7WLMRW5+rvswSHSyFM5PUk6DiOoiWoGtkmIX7os4XwGlSWerOkldn 2zunKSLEYR5Ju+xgPoLtlWWvVqttNS7rHRaMmNe0jD/2fgRd1xn1aYX7+6ZskjHx ERxhgo+qvgxm4m1H6DwWlxq8G9XazHa9McHhpMMblB8mOWGmF4/Z2RVTUzzEQxeM hB9wdwiUB6oo68iQ7aRjwl6DSbB+0mjlZwXwjn5xHnFoTaBbU9/E8q1yQN0NxwCl 8MDAzRaG3sDfYZlF8IA6b7cpbwcbw9qJr7GkqkuTenO1+kMQntIT9L8VZXz7UnvD riI0Vmw92fgeE5piDJfoXJNPIloZrMNFKuCFdvlL1jpYMw3xKB+F3En8zWL/p7fR /JykeRae2ZmfWw9gWswkNZNQZGbswzy7PXTDsUb84akXiSyjbnYvMlQ8uSiieDIw HEZk2RcXsgx1leqh4asC9ZK3Uv6cFJ9ABOx6ilVvEe41LK5oLVA62mFE3Jk2oMrn tHtgNHW7tggs0N8CAwEAAaOCBhcwggYTMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUE FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU ZTSV6YW26AYulK4/fn+NORmBeXcwHwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl 7/Oo7KEwbwYIKwYBBQUHAQEEYzBhMC4GCCsGAQUFBzABhiJodHRwOi8vb2NzcC5p bnQteDMubGV0c2VuY3J5cHQub3JnMC8GCCsGAQUFBzAChiNodHRwOi8vY2VydC5p bnQteDMubGV0c2VuY3J5cHQub3JnLzCCA8oGA1UdEQSCA8EwggO9ghliZXRhLWV1 Lm5ld3MuZWFzeW5ld3MuY29tghliZXRhLXVzLm5ld3MuZWFzeW5ld3MuY29tghZi ZXRhLm5ld3MuZWFzeW5ld3MuY29tghFuZXdzLmVhc3luZXdzLmNvbYIUbmV3cy5l dS5lYXN5bmV3cy5jb22CFG5ld3MudXMuZWFzeW5ld3MuY29tghJuZXdzNC5lYXN5 bmV3cy5jb22CEm5ld3M2LmVhc3luZXdzLmNvbYIVbmV3czYuZXUuZWFzeW5ld3Mu Y29tghVuZXdzNi51cy5lYXN5bmV3cy5jb22CF3Byb3h5Lm5ld3MuZWFzeW5ld3Mu Y29tgiBzZWN1cmUtYmV0YS1ldS5uZXdzLmVhc3luZXdzLmNvbYIgc2VjdXJlLWJl dGEtdXMubmV3cy5lYXN5bmV3cy5jb22CHXNlY3VyZS1iZXRhLm5ld3MuZWFzeW5l d3MuY29tghtzZWN1cmUtZXUubmV3cy5lYXN5bmV3cy5jb22CG3NlY3VyZS11cy5u ZXdzLmVhc3luZXdzLmNvbYIYc2VjdXJlLm5ld3MuZWFzeW5ld3MuY29tghtzZWN1 cmUubmV3cy5ldS5lYXN5bmV3cy5jb22CGXNlY3VyZTYubmV3cy5lYXN5bmV3cy5j b22CHHNlY3VyZTYubmV3cy5ldS5lYXN5bmV3cy5jb22CHHNlY3VyZTYubmV3cy51 cy5lYXN5bmV3cy5jb22CHnRlc3QtZXUtaXB2NC5uZXdzLmVhc3luZXdzLmNvbYIe dGVzdC1ldS1pcHY2Lm5ld3MuZWFzeW5ld3MuY29tghl0ZXN0LWV1Lm5ld3MuZWFz eW5ld3MuY29tgiV0ZXN0LXNlY3VyZS1ldS1pcHY0Lm5ld3MuZWFzeW5ld3MuY29t giV0ZXN0LXNlY3VyZS1ldS1pcHY2Lm5ld3MuZWFzeW5ld3MuY29tgiB0ZXN0LXNl Y3VyZS1ldS5uZXdzLmVhc3luZXdzLmNvbYIldGVzdC1zZWN1cmUtdXMtaXB2NC5u ZXdzLmVhc3luZXdzLmNvbYIldGVzdC1zZWN1cmUtdXMtaXB2Ni5uZXdzLmVhc3lu ZXdzLmNvbYIgdGVzdC1zZWN1cmUtdXMubmV3cy5lYXN5bmV3cy5jb22CHnRlc3Qt dXMtaXB2NC5uZXdzLmVhc3luZXdzLmNvbYIedGVzdC11cy1pcHY2Lm5ld3MuZWFz eW5ld3MuY29tghl0ZXN0LXVzLm5ld3MuZWFzeW5ld3MuY29tMEwGA1UdIARFMEMw CAYGZ4EMAQIBMDcGCysGAQQBgt8TAQEBMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly9j cHMubGV0c2VuY3J5cHQub3JnMIIBBQYKKwYBBAHWeQIEAgSB9gSB8wDxAHcA8JWk WfIA0YJAEC0vk4iOrUv+HUfjmeHQNKawqKqOsnMAAAFzRQuQVQAABAMASDBGAiEA w3DGIabSN4EcYRJ+nzGiM5NOFfh9opOEk4UqvEOm9lsCIQCPFqdm9b9vz2S5yTrm pDyjV5GVPuVNtRyOOIAyt8bhdQB2ALIeBcyLos2KIE6HZvkruYolIGdr2vpw57JJ Uy3vi5BeAAABc0ULkF0AAAQDAEcwRQIgWL/q4XKIiMrnLDrapzRG847zxcuQAe1X rmeoirve0CUCIQDCNTvrr0WQnBODsblBzfWYBpP11ub5ZmD8qEBUIYrspzANBgkq hkiG9w0BAQsFAAOCAQEAOR9oQmQtIHbxQ8CzgdW/eaoVw1MwwZY7fZpSiud713kL m3OIizT4F2PEfj/Afl9Orttvid9scPa6xixgexU2J/ufcoY6Ak84G+orsh4alqgQ VFDeS3w+mh+ZmSHyCl9VzBt4VWD6bp0z8MlCxaMexPMrxIjuXuarS76B5KTidmft vzMzttw1qJ1OEf+qkwQ9ekFQfZQT1zcM2gFxW2zJ8M9CJkWu+PnS8myCrCNTI8FD UzgU6zP0CUzHx3pHj16IV7cJ80JEHfUeC7OuetKUwPQvRT/0y48NvJWd/3BjHRjn Z/TrNGYB4JO2un/hAzmTwIgpelhf8URrHv9RW963dA== -----END CERTIFICATE----- subject=CN = news.easynews.com issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 4570 bytes and written 399 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Server public key is 4096 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: A16868D9ABC7C67BF06FC492F76A3BEA6E4AEC58C9E3A1A18056081DDD5651BA Session-ID-ctx: Resumption PSK: 596A67213FCCB31732FEBAFF326350800E42B44303EC464D8EC4127961CF028318BEA0196F89D942B04AABCDEB256722 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 300 (seconds) TLS session ticket: 0000 - 33 bb 8b b3 bd 1f aa 19-6f f3 b9 7d fb 4b b2 21 3.......o..}.K.! 0010 - 41 72 34 6d f9 a3 2b 63-98 ff cf 45 fc 9e 00 2f Ar4m..+c...E.../ 0020 - 55 8c 39 34 94 a6 02 ba-ce f3 dc ac 17 0d 20 2d U.94.......... - 0030 - f4 70 e0 94 85 1c 12 4b-23 3f 1f 68 94 2f 47 df .p.....K#?.h./G. 0040 - 51 ea 88 91 12 c1 93 f4-e9 74 06 ea cd d5 00 98 Q........t...... 0050 - 30 87 4c f3 06 26 2c 0c-68 50 f5 64 31 2a 4a 5a 0.L..&,.hP.d1*JZ 0060 - 37 66 79 8f 9f df 84 c2-cf 62 78 2c e3 23 b4 76 7fy......bx,.#.v 0070 - 6f 5b ec 61 ca a3 e1 af-0d 32 78 06 4f d4 16 33 o[.a.....2x.O..3 0080 - fb 27 b7 48 d6 53 6f d7-cf af 16 2d fc 74 b7 93 .'.H.So....-.t.. 0090 - 29 46 d6 3e 9d 41 ca 16-b5 5b bc da be 57 ad ed )F.>.A...[...W.. 00a0 - c5 17 d8 fe c2 91 7e b1-80 08 d9 a5 3a 9a 8c 4d ......~.....:..M 00b0 - d8 b2 9c 99 4d c5 18 4d-ac 6f 7d 3c 1e a2 1b 53 ....M..M.o}<...S 00c0 - 9d fb 56 bd a4 38 65 8e-9e 59 c9 c8 d5 61 01 9a ..V..8e..Y...a.. 00d0 - 96 33 4a 9b 4d a2 c8 e8-aa eb e4 a2 b4 1d fc 35 .3J.M..........5 00e0 - 87 f3 39 d4 40 62 dc a7-72 bd 70 7e 4d cb 8d 7b ..9.@b..r.p~M..{ Start Time: 1600073411 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 76DF7CDC0725AA01137E1B10DB41A9223D8D61B2C850E8487C1636B38BB9699C Session-ID-ctx: Resumption PSK: 4920C705104B2A714D6E97B603FADF2EF210B4A04D00EDE78887F94F6C642DA7B6909DEDF94F18A054D7194680DA1EF0 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 300 (seconds) TLS session ticket: 0000 - 33 bb 8b b3 bd 1f aa 19-6f f3 b9 7d fb 4b b2 21 3.......o..}.K.! 0010 - 5d c5 76 6d 53 d0 37 fc-89 eb c5 67 56 e5 97 fb ].vmS.7....gV... 0020 - d9 20 7f 99 67 b0 ef 72-b7 10 59 8b 9f f7 1a 8c . ..g..r..Y..... 0030 - 82 3e 11 f3 63 d1 67 ec-68 5b ad 0e 68 bc 6e 88 .>..c.g.h[..h.n. 0040 - 8a 3e 6c 7a 8a 8b d5 86-26 3b c2 8f 8c 56 e4 72 .>lz....&;...V.r 0050 - 6e e2 3b d5 37 d7 0b 9c-9f b6 bf e1 cb 51 38 61 n.;.7........Q8a 0060 - 16 b5 4f a3 49 ed 59 d2-26 da 22 02 c9 a1 12 98 ..O.I.Y.&."..... 0070 - dd f9 f2 84 c7 0d 04 f2-54 e4 d5 d1 3f 03 68 a9 ........T...?.h. 0080 - 5f f4 78 6b e7 96 56 7e-17 13 9a 42 a8 ac 86 e7 _.xk..V~...B.... 0090 - f5 59 04 53 6b c0 08 a1-fd 0f 81 06 6f a2 1d f2 .Y.Sk.......o... 00a0 - 52 71 8b 55 40 f6 85 cd-90 1e d4 33 4a ff ae 0f Rq.U@......3J... 00b0 - db e8 ba 05 42 df 4c 16-0b 5d 95 9c 02 fa f0 74 ....B.L..].....t 00c0 - 91 26 c8 95 3d 77 39 91-5a e2 bf 90 6c d5 77 b4 .&..=w9.Z...l.w. 00d0 - e8 16 88 c8 87 6c f5 dc-33 32 f3 9b 7f 9d fa e8 .....l..32...... 00e0 - 2c 06 41 5c 49 c0 9b 73-4e d2 c0 fa 12 3b 68 43 ,.A\I..sN....;hC Start Time: 1600073411 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK 200 news.easynews.com Welcome! gnutls-cli secure-us.news.easynews.com -p 8000 Processed 126 CA certificate(s). Resolving 'secure-us.news.easynews.com:8000'... Connecting to '69.16.179.40:8000'... - Certificate type: X.509 - Got a certificate list of 2 certificates. - Certificate[0] info: - subject `CN=news.easynews.com', issuer `CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US', serial 0x03187604a05ce1393aa128e87e6e857bd42e, RSA key 4096 bits, signed using RSA-SHA256, activated `2020-07-12 21:00:52 UTC', expires `2020-10-10 21:00:52 UTC', pin-sha256="n3roTngoEcj4DZf8Nlkbi6JUX+mqcYou/VCOMk1BrGQ=" Public Key ID: sha1:2a532b346963843b3cfc444ca9db3b4fdbdf5efd sha256:9f7ae84e782811c8f80d97fc36591b8ba2545fe9aa718a2efd508e324d41ac64 Public Key PIN: pin-sha256:n3roTngoEcj4DZf8Nlkbi6JUX+mqcYou/VCOMk1BrGQ= - Certificate[1] info: - subject `CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US', issuer `CN=DST Root CA X3,O=Digital Signature Trust Co.', serial 0x0a0141420000015385736a0b85eca708, RSA key 2048 bits, signed using RSA-SHA256, activated `2016-03-17 16:40:46 UTC', expires `2021-03-17 16:40:46 UTC', pin-sha256="YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg=" - Status: The certificate is trusted. - Description: (TLS1.3-X.509)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-256-GCM) - Options: - Handshake was completed - Simple Client Mode: 200 news.easynews.com Welcome! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1895480 Title: slrn cannot connect when using SSL encrypted connections To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/slrn/+bug/1895480/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs