
Re: Gopher over TLS



> Alex Schröder <kensanata@gmail.com> wrote:
>> echo About | gnutls-cli alexschroeder.ch:7070

SiMpLe MaChInEs <simple@sdf.org> writes:

> Adding TLS to gopher has been talked about on and off for years but
> usually the conversation died when it came to extending the gopher
> std(s). Perhaps it's time to revisit it again?

Do you have a good link to a previous discussion?

> I had to add '--insecure' to gnutls-cli but other than that it works.

Strange that you had to add --insecure. The server uses the full chain
of certificates and the private key I also use for the website itself,
and I made sure that ~/.gnutls was empty (no known-hosts file), and it
still works on my system. Sadly, I don't really know the ins and outs
of SSL and TLS so I don't know where I'd start. All I know is that you
need to trust Let's Encrypt, since they signed my certificate so I guess
gnutls-cli needs to know where all the CAs are on your system?

Alternatively, I looked at my logs and found the following:

Could not finalize SSL connection with client handle (SSL accept attempt
failed because of handshake problems error:14094412:SSL
routines:SSL3_READ_BYTES:sslv3 alert bad certificate)

I think currently
https://docs.python.org/3/library/ssl.html?highlight=ssl#ssl.create_default_context
will disable SSL2 and SSL3, so perhaps that's the problem. You should be
using TLS 1.2, I think.

Cheers
Alex
-- 
Public Key Fingerprint = DF94 46EB 7B78 4638 7CCC  018B C78C A29B ACEC FEAE
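
The error code in the server log line quoted in the message can be unpacked to see what the TLS library recorded. This is an added example, not part of the original message; it assumes the packed error layout of OpenSSL 1.0.x/1.1.x (8 bits library, 12 bits function, 12 bits reason), and the name decode_openssl_error is hypothetical.

```python
import re

# TLS alert descriptions from RFC 5246 section 7.2 (subset).
TLS_ALERTS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    40: "handshake_failure", 42: "bad_certificate",
    43: "unsupported_certificate", 44: "certificate_revoked",
    45: "certificate_expired", 46: "certificate_unknown",
    48: "unknown_ca", 70: "protocol_version", 80: "internal_error",
}

ERR_LIB_SSL = 0x14           # OpenSSL library number for libssl
SSL_AD_REASON_OFFSET = 1000  # added by OpenSSL to an alert number sent by the peer

# Constructed sample: the log line from the message with its line wraps removed.
SAMPLE = ("Could not finalize SSL connection with client handle (SSL accept "
          "attempt failed because of handshake problems error:14094412:SSL "
          "routines:SSL3_READ_BYTES:sslv3 alert bad certificate)")


def decode_openssl_error(line):
    """Unpack an 'error:XXXXXXXX:' code (assumed OpenSSL 1.x layout)."""
    match = re.search(r"error:([0-9A-Fa-f]{8}):", line)
    if match is None:
        return None  # no packed error code on this line
    code = int(match.group(1), 16)
    result = {
        "lib": (code >> 24) & 0xFF,    # which OpenSSL sub-library raised it
        "func": (code >> 12) & 0xFFF,  # function code inside that library
        "reason": code & 0xFFF,        # reason code
        "peer_alert": None,
        "alert_name": None,
    }
    # libssl reasons of 1000 and above mean "the peer sent us this TLS alert".
    if result["lib"] == ERR_LIB_SSL and result["reason"] >= SSL_AD_REASON_OFFSET:
        alert = result["reason"] - SSL_AD_REASON_OFFSET
        result["peer_alert"] = alert
        result["alert_name"] = TLS_ALERTS.get(alert, "unknown")
    return result


if __name__ == "__main__":
    print(decode_openssl_error(SAMPLE))
```

For the logged line this yields alert 42 (bad_certificate) received from the peer, meaning the connecting client rejected the certificate the server presented. The "sslv3" in the message text is part of OpenSSL's name for the alert, not an indication of the negotiated protocol version.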


