I got telnet over SSL working and thought I'd share the details since the
next official release of SyncTERM looks like it's going to support it. For
now we can use "stunnel" since the only BBS I've heard of that supports it natively is BBBS.
Unfortunately there isn't an official 32-bit release anymore (and a lot of us are on 32-bit for the dos support!) but luckily this nice fellow here
compiled and packaged up a 32-bit version for us:
I used the file "stunnel-testing-win32-installer.exe"
After install, you will be asked to create a certificate for the SSL connections. If you haven't done so before, it asks you a series of questions:
Country (US, NZ, etc)
City or Province
Organization (I used the BBS name without "BBS" on the end)
Organization Unit: BBS
Common Name, domain, etc: throw in something like sslbbs.synchro.net or whatever you use for your bbs
For Windows 7 and up, you won't have permission to directly edit the config file since it's in the "C:\Program Files" folder. You can either start up a command prompt as administrator and edit there, or copy it, edit it, and replace it with Windows Explorer (it should ask for authorization and show
the little shield or whatever.)
The config file has quite a few examples, but to make this easy, you can
simply delete all but one and modify it:
accept = 992
connect = 23
cert = stunnel.pem
Note that since stunnel redirects connections from port 992 to port 23, they will show up as if they're connected locally! If your BBS features anti-connection-spam (like Mystic) you should make sure 127.0.0.1 is included in the whitelisted IP addresses file. You will have to match timestamps with the stunnel log if you need to find a specific user..
Open port 992 on your firewall and you should be all set :)
In SyncTERM, you will have to edit your connection (F2) and change the connection type to "TelnetS". As previously mentioned, it should be included
in the NEXT release of SyncTERM, so for now you will have to use the test versions linked at the very bottom of the SyncTERM web page.
Hopefully someone finds this useful and it gets more widely adopted directly
in BBS software!
For security minded folk: it doesn't look like certificate verification is common even in the clients that have had this feature for a long time.. mostly mainframe stuff. You can however use openssl to view the server's certificate information with:
openssl s_client -connect mysuperbbs.com:992
If you want to get a legitimate certificate, LetsEncrypt is free, and is
fairly easy to automate updates for with Windows' task scheduler. In which
case openssl should show:
at each step as it walks the certificate chain.
--- Mystic BBS v1.12 A46 2020/08/26 (Windows/32)
* Origin: cold fusion - cfbbs.net - grand rapids, mi