Both GnuTLS and OpenSSL can connect to said server without slrn in the
way.
openssl s_client -connect secure-us.news.easynews.com:8000
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = news.easynews.com
verify return:1
---
Certificate chain
0 s:CN = news.easynews.com
i:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
1 s:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIKCzCCCPOgAwIBAgISAxh2BKBc4Tk6oSjofm6Fe9QuMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0yMDA3MTIyMTAwNTJaFw0y
MDEwMTAyMTAwNTJaMBwxGjAYBgNVBAMTEW5ld3MuZWFzeW5ld3MuY29tMIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAs88/6aBieUZLdZPChQdMZxMHaa3v
IOg7gLB+VQp3R2NS74SVx4bKQm5h5qpAqDiFAl4w4rHW+7Z2Gb1+gVFaYkZPbhEp
HfKlsDTv54OE0FlrPDjWFCSOx0qTgCQ5wkxPAb8JLhzS+OACn/xNk10/B1vp/PVO
yAcdRRzJzHE7WLMRW5+rvswSHSyFM5PUk6DiOoiWoGtkmIX7os4XwGlSWerOkldn
2zunKSLEYR5Ju+xgPoLtlWWvVqttNS7rHRaMmNe0jD/2fgRd1xn1aYX7+6ZskjHx
ERxhgo+qvgxm4m1H6DwWlxq8G9XazHa9McHhpMMblB8mOWGmF4/Z2RVTUzzEQxeM
hB9wdwiUB6oo68iQ7aRjwl6DSbB+0mjlZwXwjn5xHnFoTaBbU9/E8q1yQN0NxwCl
8MDAzRaG3sDfYZlF8IA6b7cpbwcbw9qJr7GkqkuTenO1+kMQntIT9L8VZXz7UnvD
riI0Vmw92fgeE5piDJfoXJNPIloZrMNFKuCFdvlL1jpYMw3xKB+F3En8zWL/p7fR
/JykeRae2ZmfWw9gWswkNZNQZGbswzy7PXTDsUb84akXiSyjbnYvMlQ8uSiieDIw
HEZk2RcXsgx1leqh4asC9ZK3Uv6cFJ9ABOx6ilVvEe41LK5oLVA62mFE3Jk2oMrn
tHtgNHW7tggs0N8CAwEAAaOCBhcwggYTMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUE
FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU
ZTSV6YW26AYulK4/fn+NORmBeXcwHwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl
7/Oo7KEwbwYIKwYBBQUHAQEEYzBhMC4GCCsGAQUFBzABhiJodHRwOi8vb2NzcC5p
bnQteDMubGV0c2VuY3J5cHQub3JnMC8GCCsGAQUFBzAChiNodHRwOi8vY2VydC5p
bnQteDMubGV0c2VuY3J5cHQub3JnLzCCA8oGA1UdEQSCA8EwggO9ghliZXRhLWV1
Lm5ld3MuZWFzeW5ld3MuY29tghliZXRhLXVzLm5ld3MuZWFzeW5ld3MuY29tghZi
ZXRhLm5ld3MuZWFzeW5ld3MuY29tghFuZXdzLmVhc3luZXdzLmNvbYIUbmV3cy5l
dS5lYXN5bmV3cy5jb22CFG5ld3MudXMuZWFzeW5ld3MuY29tghJuZXdzNC5lYXN5
bmV3cy5jb22CEm5ld3M2LmVhc3luZXdzLmNvbYIVbmV3czYuZXUuZWFzeW5ld3Mu
Y29tghVuZXdzNi51cy5lYXN5bmV3cy5jb22CF3Byb3h5Lm5ld3MuZWFzeW5ld3Mu
Y29tgiBzZWN1cmUtYmV0YS1ldS5uZXdzLmVhc3luZXdzLmNvbYIgc2VjdXJlLWJl
dGEtdXMubmV3cy5lYXN5bmV3cy5jb22CHXNlY3VyZS1iZXRhLm5ld3MuZWFzeW5l
d3MuY29tghtzZWN1cmUtZXUubmV3cy5lYXN5bmV3cy5jb22CG3NlY3VyZS11cy5u
ZXdzLmVhc3luZXdzLmNvbYIYc2VjdXJlLm5ld3MuZWFzeW5ld3MuY29tghtzZWN1
cmUubmV3cy5ldS5lYXN5bmV3cy5jb22CGXNlY3VyZTYubmV3cy5lYXN5bmV3cy5j
b22CHHNlY3VyZTYubmV3cy5ldS5lYXN5bmV3cy5jb22CHHNlY3VyZTYubmV3cy51
cy5lYXN5bmV3cy5jb22CHnRlc3QtZXUtaXB2NC5uZXdzLmVhc3luZXdzLmNvbYIe
dGVzdC1ldS1pcHY2Lm5ld3MuZWFzeW5ld3MuY29tghl0ZXN0LWV1Lm5ld3MuZWFz
eW5ld3MuY29tgiV0ZXN0LXNlY3VyZS1ldS1pcHY0Lm5ld3MuZWFzeW5ld3MuY29t
giV0ZXN0LXNlY3VyZS1ldS1pcHY2Lm5ld3MuZWFzeW5ld3MuY29tgiB0ZXN0LXNl
Y3VyZS1ldS5uZXdzLmVhc3luZXdzLmNvbYIldGVzdC1zZWN1cmUtdXMtaXB2NC5u
ZXdzLmVhc3luZXdzLmNvbYIldGVzdC1zZWN1cmUtdXMtaXB2Ni5uZXdzLmVhc3lu
ZXdzLmNvbYIgdGVzdC1zZWN1cmUtdXMubmV3cy5lYXN5bmV3cy5jb22CHnRlc3Qt
dXMtaXB2NC5uZXdzLmVhc3luZXdzLmNvbYIedGVzdC11cy1pcHY2Lm5ld3MuZWFz
eW5ld3MuY29tghl0ZXN0LXVzLm5ld3MuZWFzeW5ld3MuY29tMEwGA1UdIARFMEMw
CAYGZ4EMAQIBMDcGCysGAQQBgt8TAQEBMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly9j
cHMubGV0c2VuY3J5cHQub3JnMIIBBQYKKwYBBAHWeQIEAgSB9gSB8wDxAHcA8JWk
WfIA0YJAEC0vk4iOrUv+HUfjmeHQNKawqKqOsnMAAAFzRQuQVQAABAMASDBGAiEA
w3DGIabSN4EcYRJ+nzGiM5NOFfh9opOEk4UqvEOm9lsCIQCPFqdm9b9vz2S5yTrm
pDyjV5GVPuVNtRyOOIAyt8bhdQB2ALIeBcyLos2KIE6HZvkruYolIGdr2vpw57JJ
Uy3vi5BeAAABc0ULkF0AAAQDAEcwRQIgWL/q4XKIiMrnLDrapzRG847zxcuQAe1X
rmeoirve0CUCIQDCNTvrr0WQnBODsblBzfWYBpP11ub5ZmD8qEBUIYrspzANBgkq
hkiG9w0BAQsFAAOCAQEAOR9oQmQtIHbxQ8CzgdW/eaoVw1MwwZY7fZpSiud713kL
m3OIizT4F2PEfj/Afl9Orttvid9scPa6xixgexU2J/ufcoY6Ak84G+orsh4alqgQ
VFDeS3w+mh+ZmSHyCl9VzBt4VWD6bp0z8MlCxaMexPMrxIjuXuarS76B5KTidmft
vzMzttw1qJ1OEf+qkwQ9ekFQfZQT1zcM2gFxW2zJ8M9CJkWu+PnS8myCrCNTI8FD
UzgU6zP0CUzHx3pHj16IV7cJ80JEHfUeC7OuetKUwPQvRT/0y48NvJWd/3BjHRjn
Z/TrNGYB4JO2un/hAzmTwIgpelhf8URrHv9RW963dA==
-----END CERTIFICATE-----
subject=CN = news.easynews.com
issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 4570 bytes and written 399 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 4096 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: A16868D9ABC7C67BF06FC492F76A3BEA6E4AEC58C9E3A1A18056081DDD5651BA
Session-ID-ctx:
Resumption PSK:
596A67213FCCB31732FEBAFF326350800E42B44303EC464D8EC4127961CF028318BEA0196F89D942B04AABCDEB256722
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - 33 bb 8b b3 bd 1f aa 19-6f f3 b9 7d fb 4b b2 21 3.......o..}.K.!
0010 - 41 72 34 6d f9 a3 2b 63-98 ff cf 45 fc 9e 00 2f Ar4m..+c...E.../
0020 - 55 8c 39 34 94 a6 02 ba-ce f3 dc ac 17 0d 20 2d U.94.......... -
0030 - f4 70 e0 94 85 1c 12 4b-23 3f 1f 68 94 2f 47 df .p.....K#?.h./G.
0040 - 51 ea 88 91 12 c1 93 f4-e9 74 06 ea cd d5 00 98 Q........t......
0050 - 30 87 4c f3 06 26 2c 0c-68 50 f5 64 31 2a 4a 5a 0.L..&,.hP.d1*JZ
0060 - 37 66 79 8f 9f df 84 c2-cf 62 78 2c e3 23 b4 76 7fy......bx,.#.v
0070 - 6f 5b ec 61 ca a3 e1 af-0d 32 78 06 4f d4 16 33 o[.a.....2x.O..3
0080 - fb 27 b7 48 d6 53 6f d7-cf af 16 2d fc 74 b7 93 .'.H.So....-.t..
0090 - 29 46 d6 3e 9d 41 ca 16-b5 5b bc da be 57 ad ed )F.>.A...[...W..
00a0 - c5 17 d8 fe c2 91 7e b1-80 08 d9 a5 3a 9a 8c 4d ......~.....:..M
00b0 - d8 b2 9c 99 4d c5 18 4d-ac 6f 7d 3c 1e a2 1b 53 ....M..M.o}<...S
00c0 - 9d fb 56 bd a4 38 65 8e-9e 59 c9 c8 d5 61 01 9a ..V..8e..Y...a..
00d0 - 96 33 4a 9b 4d a2 c8 e8-aa eb e4 a2 b4 1d fc 35 .3J.M..........5
00e0 - 87 f3 39 d4 40 62 dc a7-72 bd 70 7e 4d cb 8d 7b ..9.@b..r.p~M..{
Start Time: 1600073411
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 76DF7CDC0725AA01137E1B10DB41A9223D8D61B2C850E8487C1636B38BB9699C
Session-ID-ctx:
Resumption PSK:
4920C705104B2A714D6E97B603FADF2EF210B4A04D00EDE78887F94F6C642DA7B6909DEDF94F18A054D7194680DA1EF0
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - 33 bb 8b b3 bd 1f aa 19-6f f3 b9 7d fb 4b b2 21 3.......o..}.K.!
0010 - 5d c5 76 6d 53 d0 37 fc-89 eb c5 67 56 e5 97 fb ].vmS.7....gV...
0020 - d9 20 7f 99 67 b0 ef 72-b7 10 59 8b 9f f7 1a 8c . ..g..r..Y.....
0030 - 82 3e 11 f3 63 d1 67 ec-68 5b ad 0e 68 bc 6e 88 .>..c.g.h[..h.n.
0040 - 8a 3e 6c 7a 8a 8b d5 86-26 3b c2 8f 8c 56 e4 72 .>lz....&;...V.r
0050 - 6e e2 3b d5 37 d7 0b 9c-9f b6 bf e1 cb 51 38 61 n.;.7........Q8a
0060 - 16 b5 4f a3 49 ed 59 d2-26 da 22 02 c9 a1 12 98 ..O.I.Y.&.".....
0070 - dd f9 f2 84 c7 0d 04 f2-54 e4 d5 d1 3f 03 68 a9 ........T...?.h.
0080 - 5f f4 78 6b e7 96 56 7e-17 13 9a 42 a8 ac 86 e7 _.xk..V~...B....
0090 - f5 59 04 53 6b c0 08 a1-fd 0f 81 06 6f a2 1d f2 .Y.Sk.......o...
00a0 - 52 71 8b 55 40 f6 85 cd-90 1e d4 33 4a ff ae 0f Rq.U@......3J...
00b0 - db e8 ba 05 42 df 4c 16-0b 5d 95 9c 02 fa f0 74 ....B.L..].....t
00c0 - 91 26 c8 95 3d 77 39 91-5a e2 bf 90 6c d5 77 b4 .&..=w9.Z...l.w.
00d0 - e8 16 88 c8 87 6c f5 dc-33 32 f3 9b 7f 9d fa e8 .....l..32......
00e0 - 2c 06 41 5c 49 c0 9b 73-4e d2 c0 fa 12 3b 68 43 ,.A\I..sN....;hC
Start Time: 1600073411
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
200 news.easynews.com Welcome!
gnutls-cli secure-us.news.easynews.com -p 8000
Processed 126 CA certificate(s).
Resolving 'secure-us.news.easynews.com:8000'...
Connecting to '69.16.179.40:8000'...
- Certificate type: X.509
- Got a certificate list of 2 certificates.
- Certificate[0] info:
- subject `CN=news.easynews.com', issuer `CN=Let's Encrypt Authority
X3,O=Let's Encrypt,C=US', serial 0x03187604a05ce1393aa128e87e6e857bd42e, RSA
key 4096 bits, signed using RSA-SHA256, activated `2020-07-12 21:00:52 UTC',
expires `2020-10-10 21:00:52 UTC',
pin-sha256="n3roTngoEcj4DZf8Nlkbi6JUX+mqcYou/VCOMk1BrGQ="
Public Key ID:
sha1:2a532b346963843b3cfc444ca9db3b4fdbdf5efd
sha256:9f7ae84e782811c8f80d97fc36591b8ba2545fe9aa718a2efd508e324d41ac64
Public Key PIN:
pin-sha256:n3roTngoEcj4DZf8Nlkbi6JUX+mqcYou/VCOMk1BrGQ=
- Certificate[1] info:
- subject `CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US', issuer `CN=DST
Root CA X3,O=Digital Signature Trust Co.', serial
0x0a0141420000015385736a0b85eca708, RSA key 2048 bits, signed using RSA-SHA256,
activated `2016-03-17 16:40:46 UTC', expires `2021-03-17 16:40:46 UTC',
pin-sha256="YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg="
- Status: The certificate is trusted.
- Description:
(TLS1.3-X.509)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-256-GCM)
- Options:
- Handshake was completed
- Simple Client Mode:
200 news.easynews.com Welcome!
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1895480
Title:
slrn cannot connect when using SSL encrypted connections
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/slrn/+bug/1895480/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
