TLS/SSL

This is the place to help test and discuss Version 6 Beta releases.

Postby TBlack » Tue Mar 03, 2015 3:22 pm

The Server Options Window has no reference or selection or Option for TLS vs. SSL. Is this by design? Can or should TLS be a choice and SSL be turned off because of Heartbleed? Release notes indicate that 6.60 handles TLS and falls back to SSL which implies TLS can function by itself. I do run secure.usenetserver.com on SSL and have for a long time. Some insights on TLS vs SSL might be very beneficial for users, which one is better and more secure, etc.

Thanks
Tom

Re: TLS/SSL

Postby Quade » Tue Mar 03, 2015 3:37 pm

6.60 defaults to TLS V1. It seems to still work with SSLV3 only servers.

I'm not really sure what you're asking to be honest. There's an option to force SSLV2. Some of the euro people can get around throttling by using V2.

Re: TLS/SSL

Postby TBlack » Tue Mar 03, 2015 3:42 pm

I'm just pointing out there is no reference to TLS on the Server Option Page and wondering if there should be, and if there should be a choice for TLS only?

Thanks
Tom

Re: TLS/SSL

Postby Quade » Tue Mar 03, 2015 4:50 pm

The server controls what you end up with. If the server supports TLS it uses TLS.

You want it to fail to connect to the server if it only supports SSLV3?

Re: TLS/SSL

Postby TBlack » Tue Mar 03, 2015 5:30 pm

Quade wrote: You want it to fail to connect to the server if it only supports SSLV3?


No, not necessarily for now. I am curious though which one is better and more secure, TLS or SSLV3. Is TLS thought to be or intended to be more secure?

Maybe someday when more servers can handle either, then there can be a choice of TLS or SSLV3, along with an indication which one is more secure end-to-end. On the other hand, maybe the protocol will always be that a TLS connection is attempted first with an SSLV3 Fallback. This would make a choice unnecessary inside NB.

If TLS is more secure than SSLV3, once more servers support TLS, I could see a need for TLS Only choices inside NB.

Maybe for now, what you do is update the Server Option Page to indicate TLS/SSLV3 with an SSLV3 Fallback (instead of just SSLV3 with no mention of TLS capability in NB). This lets users know NB is compatible with both protocols. Just a thought. :)

Thanks
Tom

Re: TLS/SSL

Postby Quade » Tue Mar 03, 2015 5:42 pm

TLS is better. SSLV3 is broken. I believe servers are transitioning to being TLS only but they're not there yet.

Beggars can't be choosers. If your server only supports SSLV3 then that's all you can use. I don't foresee ever needing a switch in Newsbin to enforce it. I can't imagine you paying for a server and then not using it because they don't support a specific version of SSL. If it was banking transactions then sure but SSL for usenet is mostly a best effort affair.

I'm not really dissing your idea. I'm just not sure how useful it is. Maybe I need to see a use case for why I'd want to do this.

Re: TLS/SSL

Postby TBlack » Tue Mar 03, 2015 6:14 pm

No problem, I understand. Still a lot of transitioning to be done and who really knows at this point.

You still may want to make some TLS reference on the Server Option Page so users know NB can handle TLS with a Fallback. Just a thought.

Thanks
Tom
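
The trade-off discussed in this thread (the server decides the version, versus a client-side "TLS only" switch), as an added example that is not part of the original posts and is not Newsbin's code. It is a simplified model of version selection; the `Proto` enum, the server profiles and the policy names are all constructed for illustration.

```python
"""Toy model of SSL/TLS version selection (constructed example, not Newsbin code)."""
from enum import IntEnum


class Proto(IntEnum):
    # Ordered oldest to newest so versions compare numerically.
    SSLv3 = 0
    TLSv1_0 = 1
    TLSv1_1 = 2
    TLSv1_2 = 3


def server_pick(client_max, server_supported):
    """Server side: choose the newest version it supports that the client offered."""
    usable = [v for v in server_supported if v <= client_max]
    return max(usable) if usable else None


def negotiate(client_min, client_max, server_supported):
    """Client side: offer client_max, then accept the server's pick only if it
    meets the client's floor. Returns the agreed Proto, or None (no connection)."""
    picked = server_pick(client_max, server_supported)
    if picked is None or picked < client_min:
        return None  # fail closed instead of silently accepting an older protocol
    return picked


# Constructed server profiles (hypothetical, not real providers).
SERVERS = {
    "tls-capable": {Proto.SSLv3, Proto.TLSv1_0, Proto.TLSv1_2},
    "sslv3-only": {Proto.SSLv3},
}


def compare_policies(client_max=Proto.TLSv1_2):
    """Run both client policies against every sample server."""
    policies = {"best-effort": Proto.SSLv3, "tls-only": Proto.TLSv1_0}
    return {
        (policy, name): negotiate(floor, client_max, supported)
        for policy, floor in policies.items()
        for name, supported in SERVERS.items()
    }


if __name__ == "__main__":
    for (policy, name), result in compare_policies().items():
        print(f"{policy:12} {name:12} -> {result.name if result else 'refused'}")
```

The two policies differ only against the SSLV3-only server: best-effort connects over SSLV3, TLS-only refuses. In Python's own `ssl` module the client floor corresponds to `SSLContext.minimum_version`.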

