<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">
I'm using stunnel to encrypt newsgroup traffic. Essentially use
stunnel to encrypt port 119 traffic (from the Pan Newsreader) then
securely communicate over 563 with astraweb secure servers. The
whole set-up is described in detail in this blog post: <a
moz-do-not-send="true"
href="http://blog.trebacz.com/2012/03/installing-stunnel-to-enable-ssl.html">http://blog.trebacz.com/2012/03/installing-stunnel-to-enable-ssl.html</a><br>
<div class="moz-forward-container"> <br>
The system has been "working" for several months, but someone on
the blog asked how to confirm it. I checked my logs and each time
I'm finished using Pan/Stunnel to download anything I get several
entries in my syslog like:<br>
<br>
<meta http-equiv="content-type" content="text/html;
charset=ISO-8859-1">
<span style="color: rgb(0, 0, 0); font-family: Ubuntu, Ubuntu,
'Ubuntu Beta', UbuntuBeta, 'Bitstream Vera Sans', 'DejaVu Sans',
Tahoma, HelveticaNeue-Light, 'Helvetica Neue Light', 'Helvetica
Neue', Helvetica, Arial, sans-serif; font-size: 13px;
font-style: normal; font-variant: normal; font-weight: normal;
letter-spacing: normal; line-height: normal; orphans: 2;
text-align: start; text-indent: 0px; text-transform: none;
white-space: normal; widows: 2; word-spacing: 0px;
-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px;
background-color: rgb(236, 233, 231); display: inline
!important; float: none;"> </span>stunnel:
LOG5[2111:140426048358144]: Connection closed: 3259 byte(s) sent
to SSL, 16756212 byte(s) sent to socket<span style="color: rgb(0,
0, 0); font-family: Ubuntu, Ubuntu, 'Ubuntu Beta', UbuntuBeta,
'Bitstream Vera Sans', 'DejaVu Sans', Tahoma,
HelveticaNeue-Light, 'Helvetica Neue Light', 'Helvetica Neue',
Helvetica, Arial, sans-serif; font-size: 13px; font-style:
normal; font-variant: normal; font-weight: normal;
letter-spacing: normal; line-height: normal; orphans: 2;
text-align: start; text-indent: 0px; text-transform: none;
white-space: normal; widows: 2; word-spacing: 0px;
-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px;
background-color: rgb(236, 233, 231); display: inline
!important; float: none;"><br>
</span><br>
I started to wonder does this mean some of the traffic was
encrypted, but most wasn't?<br>
<br>
I fired up wireshark filtered the results to show port 563 traffic
(
<meta http-equiv="content-type" content="text/html;
charset=ISO-8859-1">
filter set to tcp.port == 563) as was suggested in another post (
<meta http-equiv="content-type" content="text/html;
charset=ISO-8859-1">
<a moz-do-not-send="true"
href="http://ubuntuforums.org/showpost.php?p=5400958&postcount=9">http://ubuntuforums.org/showpost.php?p=5400958&postcount=9</a>).
Wireshark does show the traffic is correctly flow through port 563
with astrawebs newsservers when requesting data, but how do I know
the traffic is encrypted? I inspected likely packets to contain
encrypted data and I don't see anything in plain text (but they're
zlib compressed also).<br>
<br>
<br>
<br>
</div>
<br>
</body>
</html>