Subj : "Warning: remote set UNSECURE session"
To   : All
From : Oli
Date : Tue May 25 2021 07:34 am


Why is this happening?

- 07:02 [1045] VER binkd/1.1a-112/Linux binkp/1.1
[...]
+ 07:02 [1045] Remote has 0b of mail and 0b of files for us
- 07:02 [1045] OPT EXTCMD GZ BZ2
+ 07:02 [1045] Remote supports EXTCMD mode
+ 07:02 [1045] Remote supports GZ mode
+ 07:02 [1045] Remote supports BZ2 mode
? 07:02 [1045] Warning: remote set UNSECURE session
               ‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾
+ 07:02 [1045] pwd protected session (MD5)
? 07:02 [1045] aborted by Perl after_handshake(): CRYPT mode is required. Disconnecting ...
[...]

What I understand from the log is that it's a password protected session, but the remote binkd does not offer CRYPT. I tried to reproduce this behaviour with another binkd instance for testing, but I'm unable to get this warning. I tried the -r parameter, but it seems to do nothing.

I'm also confused what UNSECURE means in that context. Without encryption? Or unsecure / non-secure as in session without a password (but it clearly says "pwd protected session (MD5)").

The warning is in protocol.c:

 if (state->state == P_SECURE && strcmp(w, "non-secure") == 0)
 {
   state->crypt_flag=NO_CRYPT;
   /* some development binkd versions send OPT CRYPT with unsecure session */
   Log (1, "Warning: remote set UNSECURE session");
   state->state_ext = P_REMOTE_NONSECURE;
 }

I still don't understand what's going on there.

---
 * Origin: . (2:280/464.47)

.