Both Secure.EU.thundernews.com and secure.us.thundernews.com are being blocked by Sabnzb v2.01 and are receiving a warning that the certificate being used is untrusted.
appelboor.com shows thundernews as being unsecure. Yet, when I check sslshopper.com, thundernews is secure. Does anyone know what's going on?
Untrusted Certificate thundernews.com
Forum rules
Help us help you:
Help us help you:
- Are you using the latest stable version of SABnzbd? Downloads page.
- Tell us what system you run SABnzbd on.
- Adhere to the forum rules.
- Do you experience problems during downloading?
Check your connection in Status and Interface settings window.
Use Test Server in Config > Servers.
We will probably ask you to do a test using only basic settings. - Do you experience problems during repair or unpacking?
Enable +Debug logging in the Status and Interface settings window and share the relevant parts of the log here using [ code ] sections.
Re: Untrusted Certificate thundernews.com
https://www.sslshopper.com/ssl-checker. ... ws.com:563 gives a warning / exclamation mark saying "None of the common names in the certificate match the name that was entered (secure.eu.thundernews.com). You may receive an error when accessing this site in a web browser. Learn more about name mismatch errors.". So: not good.
That matches the "OK OK NOK" (the third item being Not OK) as reported by Appelboor and SABnzbd.
Solutions / workaround:
- contact thundernews.com to solve it. The only correct way, but probably hard as thundernews.com might deny / not recognize the problem
- do no use SSL / NNTPS with thundernews.com. Not secure, but at least you know it (so: red pill)
- lower the checking level in SABnzbd. You will be fooling yourself with as SSL-setting as it's not secure (so: blue pill)
- choose a news provider that does SSL / NNTPS correctly. Check https://www.appelboor.com/newsservers/n ... h-SSL.html for OK OK OK (triple OK) ... there are more than enough.
EDIT
Another tool to check the security of a NNTPS server, is ... curl (available for Linux, Windows, MacOS):
So: not good.
That matches the "OK OK NOK" (the third item being Not OK) as reported by Appelboor and SABnzbd.
Solutions / workaround:
- contact thundernews.com to solve it. The only correct way, but probably hard as thundernews.com might deny / not recognize the problem
- do no use SSL / NNTPS with thundernews.com. Not secure, but at least you know it (so: red pill)
- lower the checking level in SABnzbd. You will be fooling yourself with as SSL-setting as it's not secure (so: blue pill)
- choose a news provider that does SSL / NNTPS correctly. Check https://www.appelboor.com/newsservers/n ... h-SSL.html for OK OK OK (triple OK) ... there are more than enough.
EDIT
Another tool to check the security of a NNTPS server, is ... curl (available for Linux, Windows, MacOS):
Code: Select all
$ curl https://secure.us.thundernews.com:563/
curl: (51) SSL: no alternative certificate subject name matches target host name 'secure.us.thundernews.com'
Re: Untrusted Certificate thundernews.com
Is this something new with version 2.0? I never had a problem when I was using the older Sab software.
Would it help if I used a VPN?
Is it better for me to use the unsecured server us.thundernews.com or the secure server with the lower settings (blue pill). Will my internet provider be able to see what I'm doing.
I am running Sab on an old PC, which never leaves my home and is attached to the router via a CAT5 cable.
Would it help if I used a VPN?
Is it better for me to use the unsecured server us.thundernews.com or the secure server with the lower settings (blue pill). Will my internet provider be able to see what I'm doing.
I am running Sab on an old PC, which never leaves my home and is attached to the router via a CAT5 cable.
Re: Untrusted Certificate thundernews.com
Yes, as of SAB 2.0, SAB by default does not accept invalid SSL/TSL connections. Just like Chrome / Firefox doesn't accept that.Is this something new with version 2.0? I never had a problem when I was using the older Sab software.
Yes. But it makes it more difficult for you.Would it help if I used a VPN?
Ah, difficult dilemma. Red pill versus Blue pill. Probably SSL with lower settings.Is it better for me to use the unsecured server us.thundernews.com or the secure server with the lower settings (blue pill). Will my internet provider be able to see what I'm doing.
But apparently you want SSL / TLS so you do care about security that works. So why don't you contact Thundernews' helpdesk to let them correct their setup, or choose another News provider?I am running Sab on an old PC, which never leaves my home and is attached to the router via a CAT5 cable.
Re: Untrusted Certificate thundernews.com
I contacted Thundernews. They have 3 European servers and 2 American servers, that they don't show anywhere on their website, which have trusted certificates. I guess that they are lacking bandwidth and that's the reason Thundernews is keeping them hidden. Thanks for your help.
Re: Untrusted Certificate thundernews.com
And those secret servers have correct certificates? If so, they are in the .thundernews.com domain, or in sslusenet...?atillahun wrote:
I contacted Thundernews. They have 3 European servers and 2 American servers, that they don't show anywhere on their website, which have trusted certificates. I guess that they are lacking bandwidth and that's the reason Thundernews is keeping them hidden. Thanks for your help.
Re: Untrusted Certificate thundernews.com
The servers are in the sslusenet domain.
Re: Untrusted Certificate thundernews.com
I assume the ones mentioned by https://www.appelboor.com/cgi-bin/check ... ernews.com , soatillahun wrote:The servers are in the sslusenet domain.
Code: Select all
ams2.sslusenet.com
de.sslusenet.com
iad.sslusenet.com
news.sslusenet.com
nl.sslusenet.com
us.sslusenet.com
Did you have to change anything in your login name?
Re: Untrusted Certificate thundernews.com
Those are the servers that they said I could use. I didn't have to change my login name. Is this safe?I assume the ones mentioned by https://www.appelboor.com/cgi-bin/check ... ernews.com , so
CODE: SELECT ALL
ams2.sslusenet.com
de.sslusenet.com
iad.sslusenet.com
news.sslusenet.com
nl.sslusenet.com
us.sslusenet.com
Correct?
Did you have to change anything in your login name?
Re: Untrusted Certificate thundernews.com
Yes, that's safe. But I can imagine it's cumbersome and/or strange for you. So it would still be best if thundernews would solve it on their side (instead of letting all users do special things on the user side).atillahun wrote:Those are the servers that they said I could use. I didn't have to change my login name. Is this safe?I assume the ones mentioned by https://www.appelboor.com/cgi-bin/check ... ernews.com , so
CODE: SELECT ALL
ams2.sslusenet.com
de.sslusenet.com
iad.sslusenet.com
news.sslusenet.com
nl.sslusenet.com
us.sslusenet.com
Correct?
Did you have to change anything in your login name?
Good to hear your login name did not change. Is there anything in your login name that makes clear it's a thundernews login? For example "tn" in there? Or in "thunder" of something like that?
Re: Untrusted Certificate thundernews.com
The login has "tn" in it.Yes, that's safe. But I can imagine it's cumbersome and/or strange for you. So it would still be best if thundernews would solve it on their side (instead of letting all users do special things on the user side).
Good to hear your login name did not change. Is there anything in your login name that makes clear it's a thundernews login? For example "tn" in there? Or in "thunder" of something like that?
Re: Untrusted Certificate news-us.usenetserver.com
I am getting this on usenetserver.com. There are 2 server sets I can use:
news-us.usenetserver.com
Untrusted certificate error.
news-eu.usenetserver.com
Working fine, no errors.
I had to switch over to the eu server for the time being as I can't figure out why the us server is giving me this error.
Have checked both with https://www.appelboor.com/newsservers/check.html and also perused your list at https://www.appelboor.com/newsservers/n ... h-SSL.html. But when I test the server on Sabnzbd the us server always fails.
My login for each is the same username and pw.
Would like to use both servers, as usually get a little better speed as I am in the US.
I am running V2.1.0 right now, on WHS 2011.
Anyone else use usenetserver.com experiencing this?
I don't want to us it with SSL disable. Possible DNS Hijack?
news-us.usenetserver.com
Untrusted certificate error.
news-eu.usenetserver.com
Working fine, no errors.
I had to switch over to the eu server for the time being as I can't figure out why the us server is giving me this error.
Have checked both with https://www.appelboor.com/newsservers/check.html and also perused your list at https://www.appelboor.com/newsservers/n ... h-SSL.html. But when I test the server on Sabnzbd the us server always fails.
My login for each is the same username and pw.
Would like to use both servers, as usually get a little better speed as I am in the US.
I am running V2.1.0 right now, on WHS 2011.
Anyone else use usenetserver.com experiencing this?
I don't want to us it with SSL disable. Possible DNS Hijack?
Re: Untrusted Certificate thundernews.com
What error do you get specifically? Does it list other domains?
If you like our support, check our special newsserver deal or donate at: https://sabnzbd.org/donate
Re: Untrusted Certificate thundernews.com
Here is what I get:
[Errno 10061] Server news-us.usenetserver.com uses an untrusted certificate [[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)] - https://sabnzbd.org/certificate-errors
Where would I see other domains? The Site checks out when tested on the SSL test sites I listed above. Just not in Sabnzbd. I don't understand why one of there server sets works fine and the other one gives untrusted certificate errors. Again, my login is the same for either one.
This has just started happening within the last few weeks. At first the error was intermittent. I would see them in the error warning panel from time to time, but downloads still were working. But they got worse, and now I can't connect to news-us.usenetserver.com unless I disable SSL totally, which I do not wish to do. In the meantime I am using news-eu.usenetserver.com which works fine, even in Strict.
Re: Untrusted Certificate thundernews.com
So it's an intermittent error, that's very strange. Sander, do you have a clue how that could be?
We need to read out the certificate, can you run this command:
openssl s_client -connect news-us.usenetserver.com:563
We need to read out the certificate, can you run this command:
openssl s_client -connect news-us.usenetserver.com:563
If you like our support, check our special newsserver deal or donate at: https://sabnzbd.org/donate