TLS handshake failed: error:1408F10B:SSL routines:ssl3_get_r

@ de Hakkelaar:

nslookup news.sunnyusenet.com geeft:

nslookup news.sunnyusenet.com
Server: 192.168.1.50
Address: 192.168.1.50#53

Non-authoritative answer:
Name: news.sunnyusenet.com
Address: 185.90.196.173
Name: news.sunnyusenet.com
Address: 185.90.196.163

openssl s_client -connect news.sunnyusenet.com:443 </dev/null 2>/dev/null | openssl x509 -noout -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:9b:3b:da:23:b6:63:7c:21:52:7d:e1:a7:93:67:53:38:bf
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, O = Let's Encrypt, CN = R3
Validity
Not Before: May 27 06:12:27 2024 GMT
Not After : Aug 25 06:12:26 2024 GMT
Subject: CN = sunnyusenet.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:b5:97:6f:07:75:a2:0b:b2:3e:f0:6e:0a:87:01:
d0:ce:c0:cb:d6:50:c7:cd:77:94:5e:51:18:92:65:
b5:e3:ea:e3:a4:a5:92:ec:2b:ce:0a:8b:a0:1b:10:
1b:da:58:4b:53:13:85:1f:1a:92:6c:a9:10:85:95:
d4:f5:ef:00:40:bb:e8:dc:b1:37:5d:9e:d5:8e:81:
6e:93:a0:42:ec:e1:94:15:09:06:22:fe:ba:b9:7e:
02:45:ca:8a:01:6a:73:e3:ba:a2:cd:28:a6:57:61:
ea:a1:45:db:e7:a7:0c:89:72:f1:57:b9:48:32:2c:
df:07:57:14:73:e7:a9:17:35:45:25:db:58:5f:73:
5d:7d:d6:d4:06:7a:3b:4b:04:58:62:e9:a7:6e:2f:
9c:89:1a:00:99:58:f8:32:fe:4c:37:2b:92:94:5f:
f9:8c:19:27:4a:14:b6:60:68:3a:7f:67:d7:33:c4:
59:c7:6c:1b:6e:31:3f:46:e1:ee:6d:c4:a1:99:78:
2e:78:fb:98:c1:3d:d7:b4:d4:6d:59:5f:1e:f6:81:
f8:ee:ed:b6:77:1e:5b:a8:a2:c1:e5:45:2c:db:e7:
25:05:b0:6d:dd:f9:10:29:05:64:14:c0:71:b5:9d:
fa:d3:5b:9e:13:ac:96:91:01:1d:be:8b:7d:cd:1b:
66:eb:04:2c:2b:53:ff:2c:0e:96:20:44:92:6c:e8:
fb:2b:62:5a:45:69:b2:af:03:2e:74:18:06:45:70:
80:ac:e0:13:dd:d9:3e:b3:d6:ed:60:86:05:4c:c3:
be:55:b9:3e:96:13:04:7a:a2:63:77:ee:a0:2d:bf:
fe:f0:65:86:2d:59:ed:12:ec:74:b0:78:e7:30:db:
be:ba:39:a6:f5:8a:f4:e6:9c:b6:75:e8:a2:82:fe:
5e:c1:da:d1:4f:64:b7:fd:d2:56:d1:1e:6a:ad:bf:
f9:1d:50:0e:8c:91:22:06:0d:1a:dd:ac:9a:75:a8:
6d:06:45:6b:18:d5:12:a0:03:79:f2:01:ed:60:5e:
36:7a:94:07:91:3f:e1:1e:7c:a8:6a:fc:ad:32:80:
14:a8:09:f5:41:d6:bf:f0:10:44:b9:d3:0d:a1:8b:
64:e3:da:a6:eb:11:2b:ca:d1:29:0e:50:25:14:f3:
56:b7:e2:16:5e:e7:c0:99:d9:a3:62:51:cb:d6:28:
19:d3:27:b1:c1:32:96:e0:e9:2f:53:97:95:b0:ef:
10:f2:ed:42:9d:2b:a7:4c:83:30:92:26:5b:f8:a5:
9e:bd:e5:93:09:2a:cc:18:80:7c:a7:f6:5c:f9:20:
7a:c7:0b:12:ad:2a:1b:16:fb:33:ef:6d:13:98:81:
6a:96:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
D1:A7:E0:49:E7:03:0C:29:EF:9C:74:2B:C7:DA:5F:AC:AF:A4:2E:09
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6

Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/

X509v3 Subject Alternative Name:
DNS:*.sunnyusenet.com, DNS:sunnyusenet.com
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1

CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 3F:17:4B:4F:D7:22:47:58:94:1D:65:1C:84:BE:0D:12:
ED:90:37:7F:1F:85:6A:EB:C1:BF:28:85:EC:F8:64:6E
Timestamp : May 27 07:12:27.248 2024 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:D3:D5:73:47:20:73:E2:DC:53:11:BF:
C7:3C:A9:BC:DC:6D:A7:73:89:91:DC:21:8F:F3:FB:6A:
DA:1F:15:15:10:02:20:15:4F:56:5F:F5:07:D6:98:EF:
0F:B4:47:BD:0B:58:71:56:9D:5B:6C:CB:B2:F0:95:E2:
32:95:40:42:66:88:1C
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 19:98:10:71:09:F0:D6:52:2E:30:80:D2:9E:3F:64:BB:
83:6E:28:CC:F9:0F:52:8E:EE:DF:CE:4A:3F:16:B4:CA
Timestamp : May 27 07:12:27.257 2024 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:9E:42:5A:8B:87:04:F0:8E:BE:CC:BD:
27:1B:A0:F8:6D:56:EA:1F:E5:7E:E5:8A:2F:6E:9F:79:
D9:C3:8E:DE:BD:02:20:78:E1:31:2A:C7:E1:68:11:DE:
1A:FA:64:0D:1F:D8:3E:9C:DE:C3:4C:41:98:4A:71:96:
86:A9:D5:BF:7F:98:7C
Signature Algorithm: sha256WithRSAEncryption
87:89:f4:5b:71:ac:59:70:08:b5:87:d8:21:11:37:89:71:a3:
74:96:15:ee:5a:d1:58:4f:39:ed:17:6d:51:62:b4:0d:5f:c9:
ec:55:4c:3e:d4:b0:e7:44:6c:4b:2a:90:17:9c:2f:72:cb:15:
82:c5:3c:11:b0:ef:f3:b5:c2:87:ee:88:63:01:f2:00:30:9c:
20:90:fa:fa:04:48:24:91:d0:c7:47:a6:cf:15:2e:c9:0e:65:
f9:d4:58:53:e1:3c:9d:17:d8:2f:13:50:02:39:aa:79:1f:4e:
a2:71:90:72:94:8d:fc:2d:c5:7c:a2:48:49:26:97:37:5a:8e:
7f:65:87:22:0a:8c:a3:cd:87:f5:f4:fd:1e:97:ae:91:14:37:
0f:d1:1c:9b:57:e1:2f:12:8f:f4:45:14:40:4e:81:b7:78:60:
aa:f4:cb:55:da:94:c0:77:b3:b0:cd:55:50:66:71:48:51:8b:
0a:f8:ce:a9:b5:0a:d9:08:ee:62:43:62:e4:a3:13:8e:6b:b0:
55:97:bd:d8:d2:7b:d0:cc:07:f9:db:28:89:55:87:a2:ae:c9:
cd:0a:de:a4


penssl s_client -connect news.sunnyusenet.com:563 </dev/null 2>/dev/null | openssl x509 -noout -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:9b:3b:da:23:b6:63:7c:21:52:7d:e1:a7:93:67:53:38:bf
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, O = Let's Encrypt, CN = R3
Validity
Not Before: May 27 06:12:27 2024 GMT
Not After : Aug 25 06:12:26 2024 GMT
Subject: CN = sunnyusenet.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:b5:97:6f:07:75:a2:0b:b2:3e:f0:6e:0a:87:01:
d0:ce:c0:cb:d6:50:c7:cd:77:94:5e:51:18:92:65:
b5:e3:ea:e3:a4:a5:92:ec:2b:ce:0a:8b:a0:1b:10:
1b:da:58:4b:53:13:85:1f:1a:92:6c:a9:10:85:95:
d4:f5:ef:00:40:bb:e8:dc:b1:37:5d:9e:d5:8e:81:
6e:93:a0:42:ec:e1:94:15:09:06:22:fe:ba:b9:7e:
02:45:ca:8a:01:6a:73:e3:ba:a2:cd:28:a6:57:61:
ea:a1:45:db:e7:a7:0c:89:72:f1:57:b9:48:32:2c:
df:07:57:14:73:e7:a9:17:35:45:25:db:58:5f:73:
5d:7d:d6:d4:06:7a:3b:4b:04:58:62:e9:a7:6e:2f:
9c:89:1a:00:99:58:f8:32:fe:4c:37:2b:92:94:5f:
f9:8c:19:27:4a:14:b6:60:68:3a:7f:67:d7:33:c4:
59:c7:6c:1b:6e:31:3f:46:e1:ee:6d:c4:a1:99:78:
2e:78:fb:98:c1:3d:d7:b4:d4:6d:59:5f:1e:f6:81:
f8:ee:ed:b6:77:1e:5b:a8:a2:c1:e5:45:2c:db:e7:
25:05:b0:6d:dd:f9:10:29:05:64:14:c0:71:b5:9d:
fa:d3:5b:9e:13:ac:96:91:01:1d:be:8b:7d:cd:1b:
66:eb:04:2c:2b:53:ff:2c:0e:96:20:44:92:6c:e8:
fb:2b:62:5a:45:69:b2:af:03:2e:74:18:06:45:70:
80:ac:e0:13:dd:d9:3e:b3:d6:ed:60:86:05:4c:c3:
be:55:b9:3e:96:13:04:7a:a2:63:77:ee:a0:2d:bf:
fe:f0:65:86:2d:59:ed:12:ec:74:b0:78:e7:30:db:
be:ba:39:a6:f5:8a:f4:e6:9c:b6:75:e8:a2:82:fe:
5e:c1:da:d1:4f:64:b7:fd:d2:56:d1:1e:6a:ad:bf:
f9:1d:50:0e:8c:91:22:06:0d:1a:dd:ac:9a:75:a8:
6d:06:45:6b:18:d5:12:a0:03:79:f2:01:ed:60:5e:
36:7a:94:07:91:3f:e1:1e:7c:a8:6a:fc:ad:32:80:
14:a8:09:f5:41:d6:bf:f0:10:44:b9:d3:0d:a1:8b:
64:e3:da:a6:eb:11:2b:ca:d1:29:0e:50:25:14:f3:
56:b7:e2:16:5e:e7:c0:99:d9:a3:62:51:cb:d6:28:
19:d3:27:b1:c1:32:96:e0:e9:2f:53:97:95:b0:ef:
10:f2:ed:42:9d:2b:a7:4c:83:30:92:26:5b:f8:a5:
9e:bd:e5:93:09:2a:cc:18:80:7c:a7:f6:5c:f9:20:
7a:c7:0b:12:ad:2a:1b:16:fb:33:ef:6d:13:98:81:
6a:96:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
D1:A7:E0:49:E7:03:0C:29:EF:9C:74:2B:C7:DA:5F:AC:AF:A4:2E:09
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6

Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/

X509v3 Subject Alternative Name:
DNS:*.sunnyusenet.com, DNS:sunnyusenet.com
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1

CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 3F:17:4B:4F:D7:22:47:58:94:1D:65:1C:84:BE:0D:12:
ED:90:37:7F:1F:85:6A:EB:C1:BF:28:85:EC:F8:64:6E
Timestamp : May 27 07:12:27.248 2024 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:D3:D5:73:47:20:73:E2:DC:53:11:BF:
C7:3C:A9:BC:DC:6D:A7:73:89:91:DC:21:8F:F3:FB:6A:
DA:1F:15:15:10:02:20:15:4F:56:5F:F5:07:D6:98:EF:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 19:98:10:71:09:F0:D6:52:2E:30:80:D2:9E:3F:64:BB:
83:6E:28:CC:F9:0F:52:8E:EE:DF:CE:4A:3F:16
Timestamp : May 27 07:12:27.257 2024 GMT
Extensions: none
Signature : ecdsa-with-SHA256
27:1B:A0:F8:6D:56:EA:1F:E5:7E:E5:8A:2F:6E:9F:79:
D9:C3:8E:DE:BD:02:20:78:E1:31:2A:C7:E1:68:11
1A:FA:64:0D:1F:D8:3E:9C:DE:C3:4C:41:98:4A:71
86:A9:D5:BF:7F:98:7C
Signature Algorithm: sha256WithRSAEncryption
87:89:f4:5b:71:ac:59:70:08:b5:87:d8:21:11:37:89:71:a3:
74:96:15:ee:5a:d1:58:4f:39:ed:17:6d:51:62:b4:0d:5f:c9:
ec:55:4c:3e:d4:b0:e7:44:6c:4b:2a:90:17:9c:2f:72:cb:15:
82:c5:3c:11:b0:ef:f3:b5:c2:87:ee:88:63:01:f2:00:30:9c:
30:1e:10:4d:15:17:36:69:3a:46:91:a2:5a:35:2c:91:89:cf:
c1:61:74:ae:ac:05:d5:e8:6c:b5:7f:20:6c:2f:6c:64:0b:74:
20:90:fa:fa:04:48:24:91:d0:c7:47:a6:cf:15:2e:c9:0e:65:
f9:d4:58:53:e1:3c:9d:17:d8:2f:13:50:02:39:aa:79:1f:4e:
7f:65:87:22:0a:8c:a3:cd:87:f5:f4:fd:1e:97:ae:91:14:37:
0f:d1:1c:9b:57:e1:2f:12:8f:f4:45:14:40:4e:81:b7:78:60:


openssl s_client -connect news.sunnyusenet.com:563 </dev/null
CONNECTED(00000004)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = sunnyusenet.com
verify return:1
---
Certificate chain
0 s:CN = sunnyusenet.com
i:C = US, O = Let's Encrypt, CN = R3
1 s:C = US, O = Let's Encrypt, CN = R3
i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIF/jCCBOagAwIBAgISBJs72iO2Y3whUn3hp5NnUzi/MA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yNDA1MjcwNjEyMjdaFw0yNDA4MjUwNjEyMjZaMBoxGDAWBgNVBAMT
D3N1bm55dXNlbmV0LmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
ALWXbwd1oguyPvBuCocB0M7Ay9ZQx813lF5RGJJltePq46SlkuwrzgqLoBsQG9pY
S1MThR8akmypEIWV1PXvAEC76NyxN12e1Y6BbpOgQuzhlBUJBiL+url+AkXKigFq
c+O6os0opldh6qFF2+enDIly8Ve5SDIs3wdXFHPnqRc1RSXbWF9zXX3W1AZ6O0sE
WGLpp24vnIkaAJlY+DL+TDcrkpRf+YwZJ0oUtmBoOn9n1zPEWcdsG24xP0bh7m3E
oZl4Lnj7mME917TUbVlfHvaB+O7ttnceW6iiweVFLNvnJQWwbd35ECkFZBTAcbWd
E93ZPrPW7WCGBUzDvlW5PpYTBHqiY3fuoC2//vBlhi1Z7RLsdLB45zDbvro5pvWK
9OactnXoooL+XsHa0U9kt/3SVtEeaq2/+R1QDoyRIgYNGt2smnWobQZFaxjVEqAD
efIB7WBeNnqUB5E/4R58qGr8rTKAFKgJ9UHWv/AQRLnTDaGLZOPapusRK8rRKQ5Q
JRTzVrfiFl7nwJnZo2JRy9YoGdMnscEyluDpL1OXlbDvEPLtQp0rp0yDMJImW/il
nr3lkwkqzBiAfKf2XPkgescLEq0qGxb7M+9tE5iBapYNAgMBAAGjggIkMIICIDAO
BgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwG
A1UdEwEB/wQCMAAwHQYDVR0OBBYEFNGn4EnnAwwp75x0K8faX6yvpC4JMB8GA1Ud
IwQYMBaAFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggr
BgEFBQcwAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRw
Oi8vcjMuaS5sZW5jci5vcmcvMC0GA1UdEQQmMCSCESouc3Vubnl1c2VuZXQuY29t
gg9zdW5ueXVzZW5ldC5jb20wEwYDVR0gBAwwCjAIBgZngQwBAgEwggEEBgorBgEE
AdZ5AgQCBIH1BIHyAPAAdgA/F0tP1yJHWJQdZRyEvg0S7ZA3fx+FauvBvyiF7Phk
bgAAAY+45LRwAAAEAwBHMEUCIQDT1XNHIHPi3FMRv8c8qbzcbadziZHcIY/z+2ra
HxUVEAIgFU9WX/UH1pjvD7RHvQtYcVadW2zLsvCV4jKVQEJmiBwAdgAZmBBxCfDW
Ui4wgNKeP2S7g24ozPkPUo7u385KPxa0ygAAAY+45LR5AAAEAwBHMEUCIQCeQlqL
hwTwjr7MvScboPhtVuof5X7lii9un3nZw47evQIgeOExKsfhaBHeGvpkDR/YPpze
w0xBmEpxloap1b9/mHwwDQYJKoZIhvcNAQELBQADggEBAIeJ9FtxrFlwCLWH2CER
wofuiGMB8gAwnDAeEE0VFzZpOkaRolo1LJGJz8FhdK6sBdXobLV/IGwvbGQLdCCQ
+voESCSR0MdHps8VLskOZfnUWFPhPJ0X2C8TUAI5qnkfTqJxkHKUjfwtxXyiSEkm
lzdajn9lhyIKjKPNh/X0/R6XrpEUNw/RHJtX4S8Sj/RFFEBOgbd4YKr0y1XalMB3
3qQ=
-----END CERTIFICATE-----
subject=CN = sunnyusenet.com

issuer=C = US, O = Let's Encrypt, CN = R3

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3665 bytes and written 402 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 4096 bit
Secure Renegotiation IS NOT supported
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
DONE

In Control Panel/Security/Advanced/TLS/SSL Profile heb ik intermediate compatibility aangevinkt.
Is dit nog iets om anders naar te kijken? Poort 563 heb ik even open gezet. e.e.a. lijkt tot nu toe geen resultaat op te leveren. Ook firewall uit werkt niet.

Tsja, al 20 jaar lid, maar altijd met Windows gewerkt. Nu met Linux, en een NAS. Dus het spijt me als ik de suggestie heb gewekt dat ik all round ben, dat ben ik zeker niet. Inmiddels ook al op leeftijd, dus zo fit als de meesten hier ben ik ook niet meer.
Ik ga die poort veranderen in het downloadstation. dat zal gaan helpen.Thnx

Kijk, traag van begrip, maar nu ik poort 563 in downloadstation heb geopend werkt hij zoals het moet.
Die stond nog op 119, en ik maar denken dat dit erbij hoorde.
Thnx, Het werkt, mag een slotje op van mij