1. Forum
  2. FidoNet
  3. SYNC SYSOPS

  • Documentation for configuring TLS encryption?

    From Karloch@1:103/705 to All on Sat Jan 5 04:30:01 2019
    Hi *,*,

    I am having a hard time configuring TLS encryption for the BBS services (HTTP, FTP, SMTP) since I am not finding documentation for it. Although the configuration files are quite self-explaining, I fail to see where I should point to my certificate files (key and cert).

    I am using Let's Encrypt wildcard certificates that are generated on other hosts, so I don't need Synchronet for performing that job, the BBS has just to grab existing certificates.

    Any tips or documentation pointing would be welcome.

    Regards,
    Carlos

    ---
    þ Synchronet þ HISPAMSX BBS - The 8-bit MSX computers BBS - 2:345/111@fidonet
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Digital Man@1:103/705 to Karloch on Sat Jan 5 00:19:01 2019
    Re: Documentation for configuring TLS encryption?
    By: Karloch to All on Sat Jan 05 2019 04:30 am

    Hi *,*,

    I am having a hard time configuring TLS encryption for the BBS services (HTTP, FTP, SMTP) since I am not finding documentation for it. Although the configuration files are quite self-explaining, I fail to see where I should point to my certificate files (key and cert).

    The only certificate file that Synchronet supports is ctrl/ssl.cert. Cryptlib calls this a "keyset" file and apparently it contains the private key (it's not
    in a separate file). The private key appears to be encrypted with the BBS's "system password" (as configured in SCFG).

    I am using Let's Encrypt wildcard certificates that are generated on other hosts, so I don't need Synchronet for performing that job, the BBS has just to grab existing certificates.

    Any tips or documentation pointing would be welcome.

    The guy that wrote all the TLS/SSL stuff is Deuce. You can find him at irc.synchro.net and describe what it is you're trying to do and/or ask him to write some docs (e.g. article or two on wiki.synchro.net).

    digital man

    This Is Spinal Tap quote #31:
    Viv Savage: Quite exciting, this computer magic!
    Norco, CA WX: 49.8øF, 47.0% humidity, 0 mph SW wind, 0.00 inches rain/24hrs
    --- SBBSecho 3.06-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Karloch@1:103/705 to Digital Man on Mon Jan 7 11:49:09 2019
    Re: Documentation for configuring TLS encryption?
    By: Digital Man to Karloch on Sat Jan 05 2019 00:19:01

    The only certificate file that Synchronet supports is ctrl/ssl.cert. Cryptlib calls this a "keyset" file and apparently it contains the private key (it's not in a separate file). The private key appears to be encrypted with the BBS's "system password" (as configured in SCFG).

    That is a point in the right direction, however I have noticed that Synchronet will try always to generate that file. Maybe my Let's Encrypt certificates are not in the expected format for that file. For the time being, I have left the BBS with the self-signed certificates; but it makes much more sense to use the Let's Encrypt ones :)

    The guy that wrote all the TLS/SSL stuff is Deuce. You can find him at irc.synchro.net and describe what it is you're trying to do and/or ask him to write some docs (e.g. article or two on wiki.synchro.net).

    I will, I am sure this is way easier than it looks, some quick docs would really help :)

    Regards,
    Carlos

    ---
    þ Synchronet þ HISPAMSX BBS - The 8-bit MSX computers BBS - 2:341/111@fidonet
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)