<html><body><blockquote><br />----- Original Message -----<br /><div style="width:100%;background:rgb(228,228,228);"><div style="font-weight:bold;">From:</div> "Sebastian Andrzej Siewior" &lt;sebastian@breakpointcc&gt;</div><br /><div style="font-weight:bold;">To:</div>"Arthur Marsh" &lt;arthur.marsh@internode.on.net&gt;, &lt;1012564@bugs.debian.org&gt;<br /><div style="font-weight:bold;">Cc:</div><br /><div style="font-weight:bold;">Sent:</div>Mon, 20 Jun 2022 19:16:36 +0200<br /><div style="font-weight:bold;">Subject:</div>Re: Bug#1012564: openssl: ckermit can't connect to telnetd-ssl with openssl 3.0.3-7<br /><br /><br />
On 2022-06-20 19:10:27 [+0200], To Arthur Marsh wrote:<br />
> I have here<br />
>    telnet-ssl  0.17.41+0.2-3.3+b1<br />
>    telnetd-ssl 0.17.41+0.2-3.3+b1<br />
>    libssl3     3.0.3-8<br />
>    openssl     3.0.3-8<br /><br />
adding<br />
   ckermit        305~alpha07-1+b1<br /><br /></blockquote><blockquote>When upgrading telnetd-ssl <span style="font-family:monospace;">(0.17.41+0.2-3.3+b1) over (0.17.41+0.2-3.3)</span></blockquote><blockquote><span style="font-family:monospace;">I received the line:</span></blockquote><blockquote><span style="font-family:monospace;">You already have /etc/telnetd-ssl/telnetd.pem<br /></span></blockquote><blockquote><span style="font-family:monospace;">After upgrading both telnetd-ssl as above and </span><span style="font-family:monospace;">openssl (3.0.3-8) over (3.0.3-6),</span></blockquote><blockquote><span style="font-family:monospace;">I still had telnet-ssl localhost failing:</span></blockquote><blockquote><span style="font-family:monospace;">$ telnet-ssl localhost
<br />Trying ::1...
<br />Connected to localhost.
<br />Escape character is '^]'.
<br />Error loading CRT /etc/telnetd-ssl/telnetd.pem: &lt;NULL&gt;, ee key too small
<br />do_ssleay_init() failed
<br />408788F4E87F0000:error:0A00018F:SSL routines:SSL_CTX_use_certificate:ee key too small:../ssl/ssl_rsa.c:221:
<br />Connection closed by foreign host.</span></blockquote><blockquote><span style="font-family:monospace;">ckermit run as a symbolic link from telnet also was unsuccessful:</span></blockquote><blockquote><span style="font-family:monospace;">$ telnet localhost
<br /> DNS Lookup...  Trying 127.0.0.1..  Reverse DNS Lookup... (OK)
<br /> localhost connected on port telnet
<br /><br />?Connection closed by peer.
<br />can't open host connection
<br />Closing localhost:23...OK<br /></span></blockquote><blockquote>I renamed <span style="font-family:monospace;">/etc/telnetd-ssl/telnetd.pem to /etc/telnetd-ssl/oldtelnetd-ssl.pem </span>and re-installed telnetd-ssl <span style="font-family:monospace;">0.17.41+0.2-3.3+b1</span></blockquote><blockquote>telnetd-ssl still failed:</blockquote><blockquote><span style="font-family:monospace;">$ telnet-ssl localhost
<br />xprop:  unable to open display '127.00.1:0'
<br />Trying ::1...
<br />Connected to localhost.
<br />Escape character is '^]'.
<br />telnetd: SSL required - connection rejected.
<br />Connection closed by foreign host.<br /></span></blockquote><blockquote>but ckermit run as a symbolic link from telnet now works:</blockquote><blockquote><span style="font-family:monospace;">$ telnet localhost
<br />xprop:  unable to open display '127.0.0.1:0'
<br /> DNS Lookup...  Trying 127.0.0.1...  Reverse DNS Lookup... (OK)
<br /> localhost connected on port telnet
<br />Authenticating with SSL
<br />Warning: Server has a self-signed certificate
<br />[0] Certificate Subject=
<br />    O=Internet Widgits Pty Ltd
<br />    OU=am64 telnetd
<br />    CN=am64
<br />    emailAddress=root@am64
<br />[0] Certificate Issuer=
<br />    O=Internet Widgits Pty Ltd
<br />    OU=am64 telnetd
<br />    CN=am64
<br />    emailAddress=root@am64
<br />Continue? (Y/N) y
<br />[TLS - TLS_AES_256_GCM_SHA384         TLSv1.3 Kx=any      Au=any   Enc=AESGCM(256)            Mac=AEAD
<br />Compression: None
<br />Password:<br /></span></blockquote><blockquote><span style="font-family:monospace;">This solves the issue I was having and the /etc/telnetd-ssl/telnetd.pem "ee key too small" may be a clue to what was causing problems for me.</span></blockquote><blockquote><span style="font-family:monospace;">Thanks for your time looking at this.</span></blockquote><blockquote>Arthur Marsh.</blockquote><blockquote><br /></blockquote><blockquote><br /></blockquote></body></html>