Sounds promising, I'm sure you would not find anyone complaining about a 1.3Mb program.
About the Root certificates, there is indeed an option to export certificates from IE7.
I presume we would need to find out from our news server which CA they use?
So if my usenet server uses GoDaddy I would go export the GoDaddy cert from IE7, is this correct?
Stunnel setup with Usenet Explorer
ok the version without certificates is working here, at quick look i checked it with secnews.netscape.com
if someone wants to test the speed let me know, i can compile it and put download link right here.
the bandwidth will show the actual data download speed not the raw encrypted bandwidth, so it will be easy to compare performance with and without SSL.
i found out i forgot to synchronize keep alive with server subsets, i'm not sure i'll correct this first or check the certificate subject. btw keep alive is working with SSL as well.
if someone wants to test the speed let me know, i can compile it and put download link right here.
the bandwidth will show the actual data download speed not the raw encrypted bandwidth, so it will be easy to compare performance with and without SSL.
i found out i forgot to synchronize keep alive with server subsets, i'm not sure i'll correct this first or check the certificate subject. btw keep alive is working with SSL as well.
http://www.netwu.com/ue/ue1742ssl.rar
anyone if sees any crashes please don't forget to email me or paste here log.txt (i changed some server related code and adjusted client as well to be in accord with the changes, problems very unlikely though since the server runs perfectly)
as to SSL i would appreciate feedback about difference in the data download speed in the status bar so we can estimate how many % in bandwidth SSL overhead takes.
i may change the version if you are interested better set watch on this thread.
anyone if sees any crashes please don't forget to email me or paste here log.txt (i changed some server related code and adjusted client as well to be in accord with the changes, problems very unlikely though since the server runs perfectly)
as to SSL i would appreciate feedback about difference in the data download speed in the status bar so we can estimate how many % in bandwidth SSL overhead takes.
i may change the version if you are interested better set watch on this thread.
I must be doing something wrong.
I previously had UE 1.7.3 running with stunnel and working fine.
I stopped the stunnel service and set it to manual start. I turned of the standard windows firewall. I disabled all of my existing servers. I created a new server to secure.usenetserver.com port 563 and checked the ssl checkbox. I cannot get headers and cannot get a newgroup list.
I am running Vista Ultimate, if that makes a difference.
What have I done wrong?
I previously had UE 1.7.3 running with stunnel and working fine.
I stopped the stunnel service and set it to manual start. I turned of the standard windows firewall. I disabled all of my existing servers. I created a new server to secure.usenetserver.com port 563 and checked the ssl checkbox. I cannot get headers and cannot get a newgroup list.
I am running Vista Ultimate, if that makes a difference.
What have I done wrong?
That's it. Setting max tasks to zero seems to be a bug. I remember now that I have seen this before.
As far as speed goes I see no difference between UE 1.7.3 with stunnel and 1.7.4.2. In fact, I see a speed increase from 1.7.3 through secure-tunnel and SSH from about 500 to 800 kB/s so I am a happy camper.
How do I test to make sure that this communication is actually going through SSL and my communication is secure?
As far as speed goes I see no difference between UE 1.7.3 with stunnel and 1.7.4.2. In fact, I see a speed increase from 1.7.3 through secure-tunnel and SSH from about 500 to 800 kB/s so I am a happy camper.
How do I test to make sure that this communication is actually going through SSL and my communication is secure?
if you configured to ssl port it cannot do straight connection, if you uncheck "ssl" in the server properties - it won't work at all, with normal connection server writes first, with ssl - the client does so if non-ssl client tries to connect to ssl port - the client and the server both will be waiting and then maybe timeout error will result.
i also put small yellow lock sign on the server with ssl enabled.
to change default number of connections for new server edit menu->properties->servers, select the topmost "new server" item and set leftmost "max.tasks" to something else than zero and press "ok".
i also put small yellow lock sign on the server with ssl enabled.
to change default number of connections for new server edit menu->properties->servers, select the topmost "new server" item and set leftmost "max.tasks" to something else than zero and press "ok".
I use a program called dumeter to monitor the speed of my internet connection. It runs in the system tray and reports all ethernet activity. With 1.7.3 and secure-tunnel the speeds reported in dumeter and UE were essentially the same. Now that I have switched over to SSL, UE reports ~800 kB/s and dumeter reports ~30 mbps. Do you know why dumeter reports such a high number? My internet connection is supposed to be capped at 8mbps so it seems like dumeter is wrong.
Am I downloading at 8 mbps or 30 mbps? I do not want to make my internet isp mad.
Am I downloading at 8 mbps or 30 mbps? I do not want to make my internet isp mad.
UE shows the decrypted data download speed, the raw data bandwidth is be a bit higher because it also includes the SSL overhead. So if your ISP doesn't cap download speed based on packet content, your server is able to saturate your connection and noone is intercepting your packets or you don't care naturally you get better download speed without SSL.
Also maybe a positive moment if you are using SSL is data integrity - if e.g. you have malfunctioning firewall which corrupts downloads - you won't get corrupted downloads at all but rather as soon as a corruption occurs the download will be aborted (and retried - since I made all SSL errors retriable).
Also maybe a positive moment if you are using SSL is data integrity - if e.g. you have malfunctioning firewall which corrupts downloads - you won't get corrupted downloads at all but rather as soon as a corruption occurs the download will be aborted (and retried - since I made all SSL errors retriable).