• [Forte Agent] Notice: Forte Agent and the latest SSL/TLS protocols

    From Ralph Fox@-rf-nz-@-.invalid to news.software.readers on Mon Mar 2 14:58:54 2026
    From Newsgroup: news.software.readers

    *** NOTICE FOR FORTE AGENT USERS ***

    Forte Agent 3.2 - 8.0 needs only a small configuration change to
    support the latest SSL/TLS protocols.

    If you get an SSL error 80090302 with a server, then most likely
    you need this configuration change.

        In the [Online] section of AGENT.INI,
        change the setting 'AllowedSSLProtocols' from this:
                AllowedSSLProtocols=0

        to one of these:
         * In Windows 11, and in Windows 10 version 1903 and later,
                AllowedSSLProtocols=10880
           This will configure Agent to support TLS1.2 and TLS1.3.

         * In Windows 8.1 (and old Windows 10 older than 1903)
                AllowedSSLProtocols=2688
           This will configure Agent to support TLS1.2.
           These versions of Windows will not support TLS1.3.

    If you are running Windows XP, 7, or Vista

        Agent uses the Windows implementation of SSL/TLS. These versions
        of Windows did not support either TLS1.2 or TLS1.3.

        There are fixes on the Internet to reportedly enable TLS1.2 in
        these operating systems. You would need to both apply these fixes
        to your OS and then make the configuration change in Agent.

        I have not tried these fixes myself, so I cannot personally advise
        how well they work.


    EXPLANATION

        When AllowedSSLProtocols=0, Windows implicitly supports a default
        set of SSL/TLS protocols. Microsoft has decided that Windows will
        only support the latest SSL/TLS protocols when they are *explicitly*
        requested.

        For Agent to explicitly request SSL/TLS protocols, set
        AllowedSSLProtocols to a sum of the following numbers:
             128     TLS1.0
             512     TLS1.1
            2048     TLS1.2
            8192     TLS1.3   (not supported in Windows 8.1 or earlier)
    --
    Kind regards
    Ralph Fox

    Nothing of moment can be done without necessary helps, or convenient means.
    --- Synchronet 3.21d-Linux NewsLink 1.2
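
The sum described under EXPLANATION above, worked as an added example (not code from the original post or from Forte): it decodes an AllowedSSLProtocols value using the four numbers in the notice and reads the setting from the [Online] section. The INI fragment, its `[Other]` section and the function names are constructed for illustration.

```python
# Added example (not Forte's code): decode and audit AllowedSSLProtocols.
# The four bit values are the ones listed in the notice.
PROTOCOL_BITS = {128: "TLS1.0", 512: "TLS1.1", 2048: "TLS1.2", 8192: "TLS1.3"}
LEGACY = ("TLS1.0", "TLS1.1")

# Constructed sample AGENT.INI fragment; a real file has many more settings.
SAMPLE_INI = """\
[Other]
SomeSetting=1
[Online]
AllowedSSLProtocols=2688
"""


def decode(value):
    """Split a sum into (protocol names, bits the notice does not list)."""
    names = [name for bit, name in sorted(PROTOCOL_BITS.items()) if value & bit]
    unknown = value & ~sum(PROTOCOL_BITS)
    return names, unknown


def read_setting(ini_text):
    """Return AllowedSSLProtocols from the [Online] section, or None if absent."""
    section = None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "online" and "=" in line:
            key, _, val = line.partition("=")
            if key.strip().lower() == "allowedsslprotocols":
                return int(val.strip())
    return None


def audit(ini_text):
    """Report which protocols the configured value explicitly requests."""
    value = read_setting(ini_text)
    if value is None or value == 0:
        # 0 requests nothing explicitly; a missing entry is reported as None.
        return {"value": value, "explicit": [], "legacy": [], "unknown_bits": 0}
    names, unknown = decode(value)
    legacy = [n for n in names if n in LEGACY]
    return {"value": value, "explicit": names, "legacy": legacy, "unknown_bits": unknown}


if __name__ == "__main__":
    print(audit(SAMPLE_INI))
```

Both values given in the notice include the TLS1.0 and TLS1.1 bits; by the same table, 2048 + 8192 = 10240 is the sum for TLS1.2 and TLS1.3 alone.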
  • From VanguardLH@V@nguard.LH to news.software.readers on Sun Mar 1 20:10:19 2026
    From Newsgroup: news.software.readers

    Ralph Fox <-rf-nz-@-.invalid> wrote:

    > *** NOTICE FOR FORTE AGENT USERS ***
    >
    > Forte Agent 3.2 - 8.0 needs only a small configuration change to
    > support the latest SSL/TLS protocols.
    >
    > If you get an SSL error 80090302 with a server, then most likely
    > you need this configuration change.
    >
    >     In the [Online] section of AGENT.INI,
    >     change the setting 'AllowedSSLProtocols' from this:
    >             AllowedSSLProtocols=0
    >
    >     to one of these:
    >      * In Windows 11, and in Windows 10 version 1903 and later,
    >             AllowedSSLProtocols=10880
    >        This will configure Agent to support TLS1.2 and TLS1.3.
    >
    >      * In Windows 8.1 (and old Windows 10 older than 1903)
    >             AllowedSSLProtocols=2688
    >        This will configure Agent to support TLS1.2.
    >        These versions of Windows will not support TLS1.3.
    >
    > If you are running Windows XP, 7, or Vista
    >
    >     Agent uses the Windows implementation of SSL/TLS. These versions
    >     of Windows did not support either TLS1.2 or TLS1.3.
    >
    >     There are fixes on the Internet to reportedly enable TLS1.2 in
    >     these operating systems. You would need to both apply these fixes
    >     to your OS and then make the configuration change in Agent.
    >
    >     I have not tried these fixes myself, so I cannot personally advise
    >     how well they work.
    >
    > EXPLANATION
    >
    >     When AllowedSSLProtocols=0, Windows implicitly supports a default
    >     set of SSL/TLS protocols. Microsoft has decided that Windows will
    >     only support the latest SSL/TLS protocols when they are *explicitly*
    >     requested.
    >
    >     For Agent to explicitly request SSL/TLS protocols, set
    >     AllowedSSLProtocols to a sum of the following numbers:
    >          128     TLS1.0
    >          512     TLS1.1
    >         2048     TLS1.2
    >         8192     TLS1.3   (not supported in Windows 8.1 or earlier)

    Odd Forte Agent does not negotiate to a supported protocol by the
    server. Or afford a choice of protocol in the user config screens for
    defining the server.
  • From Ralph Fox@-rf-nz-@-.invalid to news.software.readers on Tue Mar 3 07:17:33 2026
    From Newsgroup: news.software.readers

    On Sun, 1 Mar 2026 20:10:19 -0600, VanguardLH wrote:
    > Ralph Fox <-rf-nz-@-.invalid> wrote:
    >
    >> *** NOTICE FOR FORTE AGENT USERS ***
    >>
    >> Forte Agent 3.2 - 8.0 needs only a small configuration change to
    >> support the latest SSL/TLS protocols.
    >>
    >> If you get an SSL error 80090302 with a server, then most likely
    >> you need this configuration change.
    >>
    >>     In the [Online] section of AGENT.INI,
    >>     change the setting 'AllowedSSLProtocols' from this:
    >>             AllowedSSLProtocols=0
    >>
    >>     to one of these:
    >>      * In Windows 11, and in Windows 10 version 1903 and later,
    >>             AllowedSSLProtocols=10880
    >>        This will configure Agent to support TLS1.2 and TLS1.3.
    >>
    >>      * In Windows 8.1 (and old Windows 10 older than 1903)
    >>             AllowedSSLProtocols=2688
    >>        This will configure Agent to support TLS1.2.
    >>        These versions of Windows will not support TLS1.3.
    >>
    >> If you are running Windows XP, 7, or Vista
    >>
    >>     Agent uses the Windows implementation of SSL/TLS. These versions
    >>     of Windows did not support either TLS1.2 or TLS1.3.
    >>
    >>     There are fixes on the Internet to reportedly enable TLS1.2 in
    >>     these operating systems. You would need to both apply these fixes
    >>     to your OS and then make the configuration change in Agent.
    >>
    >>     I have not tried these fixes myself, so I cannot personally advise
    >>     how well they work.
    >>
    >> EXPLANATION
    >>
    >>     When AllowedSSLProtocols=0, Windows implicitly supports a default
    >>     set of SSL/TLS protocols. Microsoft has decided that Windows will
    >>     only support the latest SSL/TLS protocols when they are *explicitly*
    >>     requested.
    >>
    >>     For Agent to explicitly request SSL/TLS protocols, set
    >>     AllowedSSLProtocols to a sum of the following numbers:
    >>          128     TLS1.0
    >>          512     TLS1.1
    >>         2048     TLS1.2
    >>         8192     TLS1.3   (not supported in Windows 8.1 or earlier)
    >
    > Odd Forte Agent does not negotiate to a supported protocol by the
    > server.

    Forte Agent does negotiate.
     *  You specify, implicitly or explicitly, a set of SSL protocols
        the client OS supports.
     *  It negotiates to one of the set supported by the server.


    > Or afford a choice of protocol in the user config screens for
    > defining the server.

    Better to specify the set of protocols the client supports, and
    negotiate the choice of protocol with each server. That way,
    you do not need a separate setting for each server.
    --
    Kind regards
    Ralph Fox

    Every bird relishes its own voice.
  • From paul@nospam@nospam.invalid to news.software.readers on Thu Mar 5 03:35:27 2026
    From Newsgroup: news.software.readers

    VanguardLH wrote:
    > Odd Forte Agent does not negotiate to a supported protocol by the
    > server. Or afford a choice of protocol in the user config screens for
    > defining the server.

    I noticed you're using "User-Agent: 40tude_Dialog/2.0.15.41" on
    "individual.net", so when you use port 563 NNTP servers, how do you
    set up your newsreader to properly handle the newer encryption
    protocols?
  • From Bernd Rose@b.rose.tmpbox@arcor.de to news.software.readers on Thu Mar 5 18:16:47 2026
    From Newsgroup: news.software.readers

    On Thu, 5 Mar 2026 03:35:27 -0000 (UTC), paul wrote:

    > [40tude_Dialog/2.0.15.41]
    > when you use port 563 NNTP servers, how do you set up your
    > newsreader to properly handle the newer encryption protocols?

    This requires the use of an SSL-Proxy like sTunnel (www.stunnel.org).
    The setup is explained inside the 40tude Dialog FAQ:

    https://www.barghahn-online.de/4td_faq/sicherheit.php#ssl_tls
    English Google-Translate should be fairly understandable:
    https://www-barghahn--online-de.translate.goog/4td_faq/sicherheit.php?_x_tr_sl=de&_x_tr_tl=en#ssl_tls

    HTH.
    Bernd
  • From paul@nospam@nospam.invalid to news.software.readers on Thu Mar 5 18:42:49 2026
    From Newsgroup: news.software.readers

    Bernd Rose wrote on 05.03.2026 09:16
    >> [40tude_Dialog/2.0.15.41]
    >> when you use port 563 NNTP servers, how do you set up your
    >> newsreader to properly handle the newer encryption protocols?
    >
    > This requires the use of an SSL-Proxy like sTunnel (www.stunnel.org).
    > The setup is explained inside the 40tude Dialog FAQ:
    >
    > https://www.barghahn-online.de/4td_faq/sicherheit.php#ssl_tls
    > English Google-Translate should be fairly understandable:
    > https://www-barghahn--online-de.translate.goog/4td_faq/sicherheit.php?_x_tr_sl=de&_x_tr_tl=en#ssl_tls

    How's this for the correct syntax for Mr. VanguardLH?

    [EternalSept]
    ; Ray Banana <rayban@raybanana.net>
    client = yes
    accept = 127.0.0.1:54321
    connect = news.eternal-september.org:563
    verifyChain = yes
    CAfile = ca-certs.pem
    checkHost = news.eternal-september.org
    OCSPaia = yes
  • From Frank Slootweg@this@ddress.is.invalid to news.software.readers on Thu Mar 5 19:09:02 2026
    From Newsgroup: news.software.readers

    paul <nospam@nospam.invalid> wrote:
    > VanguardLH wrote:
    >> Odd Forte Agent does not negotiate to a supported protocol by the
    >> server. Or afford a choice of protocol in the user config screens for
    >> defining the server.
    >
    > I noticed you're using "User-Agent: 40tude_Dialog/2.0.15.41" on
    > "individual.net", so when you use port 563 NNTP servers, how do you
    > set up your newsreader to properly handle the newer encryption
    > protocols?

    I'm not VanguardLH, so I don't know what he's using, but
    News.Individual.[NET|DE] can use the normal NNTP port 119. That's what
    I'm using on my Hamster (personal local news server/proxy) setup (and
    also when I use Thunderbird to connect directly to News.Individual.DE).

    But thanks for the heads-up. It seems that Hamster needs additional
    DLLs/software to use SSL, so when I need to switch servers when
    News.Individual.[NET|DE] service ends, I probably have some work to do.
    As Hamster is quite old software, I'll probably end up adding stunnel to
    it.
  • From Bernd Rose@b.rose.tmpbox@arcor.de to news.software.readers on Thu Mar 5 23:08:44 2026
    From Newsgroup: news.software.readers

    On Thu, 5 Mar 2026 18:42:49 -0000 (UTC), paul wrote:

    > How's this for the correct syntax for Mr. VanguardLH?

    I'm not aware, that Vanguard required any configuration advice??
    *You* asked, by which means he would be able to connect an outdated
    Usenet reader (not supporting current transport encryption methods)
    to server ports requiring up-to-date TLS versions.

    > [EternalSept]
    > ; Ray Banana <rayban@raybanana.net>
    > client = yes
    > accept = 127.0.0.1:54321
    > connect = news.eternal-september.org:563
    > verifyChain = yes
    > CAfile = ca-certs.pem
    > checkHost = news.eternal-september.org
    > OCSPaia = yes

    Since there are no significant changes from the 40tude Dialog FAQ example,
    the above sTunnel configuration should work with ES without problems. -
    Provided, that the corresponding local IP (127.0.0.1) and port (54321)
    (and ES login credentials, of course) are set inside the 40tude Dialog
    Usenet reader and SSL is kept ticked-off for the _local_ connection.

    Bernd
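
A check for the stunnel setup discussed above, as an added example that is not part of any post or of the 40tude Dialog FAQ: it flags a client service whose local listener is not on loopback or whose server certificate and host name are not verified. The `WeakExample` service and `news.example.invalid` are constructed; options set globally and the obsolete `verify` option are not considered.

```python
# Added example; constructed input: the thread's service plus a weak variant.
LOOPBACK = {"127.0.0.1", "localhost", "::1"}
SAMPLE_CONF = """\
; comment lines are skipped
[EternalSept]
client = yes
accept = 127.0.0.1:54321
connect = news.eternal-september.org:563
verifyChain = yes
CAfile = ca-certs.pem
checkHost = news.eternal-september.org
OCSPaia = yes
[WeakExample]
client = yes
accept = 54322
connect = news.example.invalid:563
"""


def parse_services(text):
    """Return {service: {lowercased option: value}} for each [section]."""
    services, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            key, _, val = line.partition("=")
            current[key.strip().lower()] = val.strip()
    return services


def lint(text):
    """Return {service: [findings]} for client-mode services only."""
    report = {}
    for name, opts in parse_services(text).items():
        if opts.get("client", "no").lower() != "yes":
            continue
        # "accept = PORT" with no host listens on every local address.
        host = opts.get("accept", "").rpartition(":")[0]
        verified = any(opts.get(k, "").lower() == "yes" for k in ("verifychain", "verifypeer"))
        checks = [
            (host in LOOPBACK, "accept is not bound to loopback"),
            (verified, "server certificate is not verified"),
            ("checkhost" in opts, "certificate host name is not checked"),
        ]
        report[name] = [msg for ok, msg in checks if not ok]
    return report
```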