Subj : Secure Telnet
To   : All
From : fusion
Date : Fri Mar 26 2021 04:19 pm

I got telnet over SSL working and thought I'd share the details since the
next official release of SyncTERM looks like it's going to support it. For
now we can use "stunnel" since the only BBS I've heard of that supports it
natively is BBBS.

Unfortunately there isn't an official 32-bit release anymore (and a lot of us
are on 32-bit for the DOS support!) but luckily this nice fellow here
compiled and packaged up a 32-bit version for us:

https://github.com/josealf/stunnel-win32

I used the file "stunnel-testing-win32-installer.exe"

After install, you will be asked to create a certificate for the SSL
connections. If you haven't done so before, it asks you a series of questions:

Country (US, NZ, etc)
State
City or Province
Organization (I used the BBS name without "BBS" on the end)
Organization Unit: BBS
Common Name, domain, etc: throw in something like sslbbs.synchro.net or
whatever you use for your BBS
Email: yep.

For Windows 7 and up, you won't have permission to directly edit the config
file since it's in the "C:\Program Files" folder. You can either start up a
command prompt as administrator and edit there, or copy it, edit it, and
replace it with Windows Explorer (it should ask for authorization and show
the little shield or whatever.)

The config file has quite a few examples, but to make this easy, you can
simply delete all but one and modify it:

[bbs]
accept  = 992
connect = 23
cert    = stunnel.pem

Note that since stunnel redirects connections from port 992 to port 23, they
will show up as if they're connected locally! If your BBS features
anti-connection-spam (like Mystic) you should make sure 127.0.0.1 is included
in the whitelisted IP addresses file. You will have to match timestamps with
the stunnel log if you need to find a specific user.

Open port 992 on your firewall and you should be all set :)

In SyncTERM, you will have to edit your connection (F2) and change the
connection type to "TelnetS". As previously mentioned, it should be included
in the NEXT release of SyncTERM, so for now you will have to use the test
versions linked at the very bottom of the SyncTERM web page.

Hopefully someone finds this useful and it gets more widely adopted directly
in BBS software!

-------------------------------------------------------------------------------

For security-minded folk: it doesn't look like certificate verification is
common even in the clients that have had this feature for a long time, mostly
mainframe stuff. You can however use openssl to view the server's certificate
information with:

openssl s_client -connect mysuperbbs.com:992

If you want to get a legitimate certificate, Let's Encrypt is free, and is
fairly easy to automate updates for with Windows' task scheduler, in which
case openssl should show:

verify return:1

at each step as it walks the certificate chain.

--- Mystic BBS v1.12 A46 2020/08/26 (Windows/32)
* Origin: cold fusion - cfbbs.net - grand rapids, mi
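
The timestamp matching mentioned above (every caller shows up as 127.0.0.1 in the BBS log, so the real address has to come from the stunnel log), as an added example that is not part of the original post. The log lines are constructed samples in stunnel's log format, the function names are hypothetical, and it assumes both logs are written on the same machine clock:

```python
import re
from datetime import datetime

# Constructed sample lines, written in the format stunnel uses in its log file.
SAMPLE_LOG = """\
2021.03.26 16:18:02 LOG5[0]: Service [bbs] accepted connection from 198.51.100.7:50112
2021.03.26 16:18:02 LOG5[0]: s_connect: connected 127.0.0.1:23
2021.03.26 16:19:40 LOG5[1]: Service [bbs] accepted connection from 203.0.113.25:61544
2021.03.26 16:19:40 LOG5[1]: s_connect: connected 127.0.0.1:23
2021.03.26 16:21:15 LOG5[0]: Connection closed: 5120 byte(s) sent to TLS, 211 byte(s) sent to socket
2021.03.26 16:30:09 LOG5[2]: Service [bbs] accepted connection from 198.51.100.7:50377
"""

# Groups: timestamp, thread id, service name, remote address, remote port
ACCEPT = re.compile(
    r"^(\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d) LOG\d\[(\d+)\]: "
    r"Service \[([^\]]+)\] accepted connection from (.+):(\d+)$"
)


def parse_accepts(log_text, service="bbs"):
    """Return (accept_time, remote_ip, remote_port) for each accepted connection."""
    accepts = []
    for line in log_text.splitlines():
        m = ACCEPT.match(line.strip())
        if m and m.group(3) == service:
            when = datetime.strptime(m.group(1), "%Y.%m.%d %H:%M:%S")
            accepts.append((when, m.group(4), int(m.group(5))))
    return accepts


def candidates(log_text, bbs_time, window_seconds=5, service="bbs"):
    """Remote endpoints accepted within window_seconds of a BBS-side connect time.

    More than one result means the window is ambiguous; closest match is first.
    """
    hits = []
    for when, ip, port in parse_accepts(log_text, service):
        delta = abs((when - bbs_time).total_seconds())
        if delta <= window_seconds:
            hits.append((delta, ip, port))
    return [(ip, port) for _, ip, port in sorted(hits)]


if __name__ == "__main__":
    # The BBS logged a caller from 127.0.0.1 at this time (constructed value).
    print(candidates(SAMPLE_LOG, datetime(2021, 3, 26, 16, 19, 41)))
```

On a busy board, keep the window small; if two callers land inside it, the result lists both and the match needs the session end time or byte counts to settle.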