Stories
Slash Boxes
Comments

SoylentNews is people

posted by NCommander on Sunday June 07 2015, @01:06AM   Printer-friendly
from the huzzah dept.

Earlier tonight, I modified our varnish rules to redirect all traffic to https://soylentnews.org if they came in as plain HTTP. Unfortunately, due to dropping SSLv3 support to prevent POODLE attacks, IE6 clients will no longer be able to reach SoylentNews. If this seriously inconveniences a large number of users, we may go through the trouble of whitelisting IE6 to drop down to HTTP only.

In addition, I applied an experimental update to production to try and clear as many errors as possible from the Apache error logs, in an attempt to continue isolating any remaining bugs and slowdowns. I also ripped out more dead code related to FireHose, Achievements, and Tags. As such, site performance appears to roughly be back to where it should be, and I have yet to see any 500 errors post-upgrade (though I concede that said update has only been up for about 2 hours at this point).

Tor traffic is set to bypass HTTPS due to the fact there is no way to prevent a self-signed certificate warning, and by design, tor both encrypts and authenticates hosts when connecting to them. A few lingering issues with the tor proxy were fixed with most recent code push, and the onion site should be back to functioning normally

P.S. I'm aware that the site is generating warnings due to the fact we use a SHA-1 based certificate. We will be changing out the certificate as soon as reasonably possible.

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by r00t on Sunday June 07 2015, @05:21PM

    by r00t (1349) on Sunday June 07 2015, @05:21PM (#193297)

    Hey guys, not sure how you mitigated FREAK, POODLE , LOGJAM etc but check out your ssl config on https://www.ssllabs.com/ssltest/analyze.html?d=soylentnews.org. [ssllabs.com] I'm getting funky errors about broken encryption in firefox. Qualys is pointing out some problems with the DH mitigation involving logjam.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 2) by NCommander on Thursday June 18 2015, @12:50AM

    by NCommander (2) Subscriber Badge <michael@casadevall.pro> on Thursday June 18 2015, @12:50AM (#197627) Homepage Journal

    Wow, this is a late reply to this, but I regenerated the DH prime a few days after this site upgrade. SSLLabs is showing us with an A rating with no major issues. Once we implement HSTS, we'll go to A+, and hopefully always remain there.

    --
    Still always moving