accessing TLS/SSL services, including snews://


    [Cross-posting to and
    news:comp.protocols.misc, just in case.  Please omit the latter
    when replying, unless the intent is to discuss the Telnet


 > The OP simply asked "how to post from the command line" and I
 > provided one solution: telnet.

    May I remind you that the Telnet protocol has its own control
    sequences, and may be unsuitable for, e. g., transferring
    arbitrary binary data?  Arguably, a Netcat tool, such as nc6(1),
    or OpenBSD nc(1), would be a better fit.

    (For that reason, the hosts under my control rarely provide the
    telnet(1) client.)

 > You provided another: openssl.

    Let me provide the third: gnutls-cli(1).  Consider, e. g. (line
    wrapping by me), the following session.

$ gnutls-cli -p 563
Resolving ''...
Connecting to ''...
- Certificate type: X.509
 - Got a certificate list of 1 certificates.
 - Certificate[0] info:
  - subject `C=US,ST=NY,L=New_York,
O=PANIX Public Access Networks Usenet News Servers,OU=news,,',
 issuer `C=US,ST=NY,L=New_York,
O=PANIX Public Access Networks Usenet News Servers,OU=news,
CN=PANIX Public Access Networks Usenet News Servers CA,',

    [... Arguably, they should use a certificate signed by a
    recognized trusted party, such as, e. g., /.]

 RSA key 2048 bits, signed using RSA-SHA,
 activated `2012-01-20 19:20:16 UTC',
 expires `2022-01-17 19:20:16 UTC',
 SHA-1 fingerprint `e588294d02985ea671e2c2a7e84f23c524b755bc'
- The hostname in the certificate matches ''.
- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
- Version: TLS1.0
- Key Exchange: RSA
- Cipher: AES-128-CBC
- Compression: NULL
- Handshake was completed

- Simple Client Mode:

200 InterNetNews NNRP server INN 2.3.3 ready (posting ok).
205 .
- Peer has closed the GNUTLS connection

 > I realize the Subject includes "snews" and telnet is not usable for
 > SSL/TLS without a helper, like Stunnel.

    I still don't get how using two TCP connections (Netcat or
    Telnet to Stunnel, and Stunnel to TLS/SSL server) could be
    better than using a single one (openssl or gnutls-cli to TLS/SSL


FSF associate member #7257
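
Added example (not part of the original post): a simplified Python model of the RFC 854 rules behind the remark above about Telnet control sequences, showing how binary data is altered when one end speaks Telnet and the other does not, while a Netcat-style raw pipe leaves it intact. The function names and the sample bytes are constructed for illustration.

```python
# Simplified model of RFC 854 Telnet NVT byte handling (illustrative names).
IAC, SE, SB = 0xFF, 0xF0, 0xFA
NEGOTIATION = range(0xFB, 0xFF)  # WILL, WONT, DO, DONT: each takes one option byte
CR, LF, NUL = 0x0D, 0x0A, 0x00

def telnet_send(data: bytes) -> bytes:
    """Bytes a Telnet client in NVT (non-binary) mode puts on the wire."""
    out = bytearray()
    for i, b in enumerate(data):
        out.append(b)
        if b == IAC:
            out.append(IAC)  # a literal 0xFF is escaped as IAC IAC
        elif b == CR and data[i + 1:i + 2] != bytes([LF]):
            out.append(NUL)  # a bare CR is sent as CR NUL
    return bytes(out)

def telnet_receive(wire: bytes) -> bytes:
    """Bytes a Telnet client passes on after interpreting the stream."""
    out, i = bytearray(), 0
    while i < len(wire):
        b = wire[i]
        if b == IAC and i + 1 < len(wire):
            cmd = wire[i + 1]
            if cmd == IAC:  # escaped data byte 0xFF
                out.append(IAC)
                i += 2
            elif cmd in NEGOTIATION:  # option negotiation is swallowed
                i += 3
            elif cmd == SB:  # subnegotiation runs up to IAC SE
                end = wire.find(bytes([IAC, SE]), i + 2)
                i = len(wire) if end < 0 else end + 2
            else:  # any other two-byte command
                i += 2
        elif b == CR and wire[i + 1:i + 2] == bytes([NUL]):
            out.append(CR)
            i += 2
        else:
            out.append(b)
            i += 1
    return bytes(out)

def raw_pipe(data: bytes) -> bytes:
    """Netcat-style transport: bytes pass through unchanged."""
    return data

# Constructed sample: 0xFF, a bare CR, and bytes that happen to read as IAC DO ECHO.
SAMPLE = bytes([0x00, 0xFF, 0x0D, 0x41, 0xFF, 0xFD, 0x01, 0x42])

if __name__ == "__main__":
    print("telnet sends:", telnet_send(SAMPLE).hex())
    print("telnet shows:", telnet_receive(SAMPLE).hex())
    print("raw pipe    :", raw_pipe(SAMPLE).hex())
```

The round trip only restores the data when both ends apply the Telnet rules; a plain NNTP or TLS peer does not, so the extra or missing bytes reach the application.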
