On Thu, 23 Apr 2020 at 19:09 +0000, you wrote to Michael Dukelsky:
MD>> binkd supports binkp protocol. It has nothing to do with http or MD>> https. If you place a binkp connection in a tls tunnel, it will MD>> still have nothing to do with https. BP> let me ask another way, how to use the https in binkd then ?
Let me quote a piece of binkd documentation for you..
=== Start of Windows Clipboard === binkd 1.0 How-To ****************
1 How Can BinkD Work via HTTP-proxy? ************************************
It is not a rare case when users go out to the internet from their corporate LAN exclusively via the proxy server based at the only computer connected to the internet. Thus BinkD cannot make a direct connection to the remote node and one must use the proxy server. Proxy servers support was included in versions 0.9.3.https, 0.9.4 and the later ones.
� One can use BinkD via a HTTP proxy only if CONNECT host 24554 command is allowed in the proxy server or the CONNECT command is allowed for all remote ports. The command is usually used for the secure HTTP protocol (URLs of the "HTTPS://..." type), it is also known as S-HTTP. Because of that such a proxy is quite often referred as a HTTPS proxy.
� If BinkD reports of an authorization error then the necessary command is prohibited in the proxy configuration or it is allowed for the port 443 only (that is inessential for us).
� Suppose the connected to the Internet computer has the IP address 192.168.0.1 in its LAN and the proxy server at the computer responds on port 3128. Here is the line in BinkD configuration file necessary for working via the HTTP proxy.
� 1. A proxy server without user authorization (no login and password are demanded):
� proxy 192.168.0.1:3128
� 2. A proxy server with user authorization (it is necessary to type login and password, e.g. login "user", password "password"):
� proxy 192.168.0.1:3128/user/password
� 3. Microsoft proxy server with NTLM protocol of user authorization (one must be inside a domain). Suppose login is "user", password is "password", the user computer is "host" and the domain name is "ntdomain":
� If the proxy server administrator has allowed connection only to some selected ports (usually to port 443) then BinkD reports "Connection rejected by proxy". Here is an example:
� 31 Mar 16:48:43 [59987] BEGIN, binkd/0.9.3/SOCKS/HTTPS -p BINKD.CFG � 31 Mar 16:48:43 [59987] clientmgr started � + 31 Mar 16:48:43 [40423] call to 2:5000/44@fidonet � 31 Mar 16:48:43 [40423] trying 195.209.235.3, port 24554... � 31 Mar 16:48:43 [40423] connected to proxy.osu.ru:24554 � 31 Mar 16:48:44 [40423] Connection rejected by proxy (HTTP/1.0 403 Forbidden) � ? 31 Mar 16:48:44 [40423] unable to connect: {13} Permission denied
� In such a case you may try to use http tunnelling for instance with the help of httport (one can take it at http://www.htthost.com/). === End of Windows Clipboard ===
So, in short, binkd can use HTTPS proxy to connect to another node. This is not about security, this is about connectivity from a limited network environment were connections are possible only via proxy.
