Just a quick note to let those of you who care know that our load balancer finally got bumped up to openssl 1.1.x and is now TLSv1.3 happy. For those of you who are especially paranoid, "ssl_early_data" is explicitly set to "off" in the nginx conf file, actively disabling 0-RTT, even though it's disabled by default.
That's all, carry on.
(Score: 0) by Anonymous Coward on Wednesday November 13 2019, @11:16PM (2 children)
Would setting "ssl_early_data" have made #CrookedHillary president?
(Score: 5, Funny) by The Mighty Buzzard on Wednesday November 13 2019, @11:25PM (1 child)
No, it would have made Ethanol-fueled chief editor though.
My rights don't end where your fear begins.
(Score: 1, Funny) by Anonymous Coward on Wednesday November 13 2019, @11:39PM
What could possibly go wrong with that?
(Score: 2) by coolgopher on Thursday November 14 2019, @12:13AM (7 children)
Suuuure, that's what someone would say if they wanted to lull us into a false sense of security. There is no proof of this!
(Score: 2) by c0lo on Thursday November 14 2019, @12:18AM
[Citation needed]
(large grin. I mean, Russell's teapot and all that)
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 2) by The Mighty Buzzard on Thursday November 14 2019, @12:19AM (2 children)
Join staff and do work, you can look for yourself. After the six week mandatory reeducation camp, of course.
My rights don't end where your fear begins.
(Score: 3, Insightful) by coolgopher on Thursday November 14 2019, @12:41AM (1 child)
<paranoia>I couldn't be sure you wouldn't just fob me off into a look-alike sandbox! Just like the moon landing!</paranoia>
PS. I miss MDC's comments.
(Score: 4, Touché) by The Mighty Buzzard on Thursday November 14 2019, @12:49AM
Never underestimate my desire to foist work off on someone else. It's as reliable as gravity.
My rights don't end where your fear begins.
(Score: 1, Informative) by Anonymous Coward on Thursday November 14 2019, @12:48AM (2 children)
You can verify early_data is off, though you can't verify the contents of the config file (or that it was read, or that it wasn't over-ridden on the command line...) externally, it's a communication protocol after all.
The answer here https://stackoverflow.com/questions/53350763/nginx-1-15-6-with-openssl-1-1-1-earlydata-not-sent [stackoverflow.com] contains the openssl commands to verify it, or its inverse.
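The external check described in the comment above, as an added example that is not part of the original post or the site's own tooling: it saves a TLS 1.3 session with `openssl s_client`, resumes it while offering early data, and classifies what the client reports. The function names and the sample transcript are constructed for illustration; the host is whatever you pass as the first argument, and OpenSSL 1.1.1 or later is assumed on the client.

```shell
#!/bin/sh
# Added example: external 0-RTT check with openssl s_client (OpenSSL 1.1.1+).

# Constructed sample transcript lines (not captured from any real server).
SAMPLE_OFF='    Max Early Data: 0
Early data was not sent'

# Classify an s_client transcript on stdin: accepted | rejected | not-sent | unknown
classify_early_data() {
    out=$(cat)
    case "$out" in
        *"Early data was accepted"*) echo accepted ;;
        *"Early data was rejected"*) echo rejected ;;
        *"Early data was not sent"*) echo not-sent ;;
        *) echo unknown ;;
    esac
}

# Extract the early-data limit the server put in its session ticket.
# 0 means the ticket does not permit 0-RTT at all.
max_early_data() {
    sed -n 's/^ *Max Early Data: *\([0-9][0-9]*\).*/\1/p' | head -n 1
}

# Live probe against the host given as $1 (needs network access).
probe() {
    host=$1
    tmp=$(mktemp -d)
    printf 'HEAD / HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\r\n' "$host" > "$tmp/req"
    # First handshake: finish a request so the TLS 1.3 ticket arrives, then save it.
    openssl s_client -connect "$host:443" -servername "$host" -tls1_3 \
        -sess_out "$tmp/sess" -ign_eof < "$tmp/req" > /dev/null 2>&1
    limit=$(openssl sess_id -in "$tmp/sess" -noout -text | max_early_data)
    # Second handshake: resume the session and offer the request as early data.
    result=$(openssl s_client -connect "$host:443" -servername "$host" -tls1_3 \
        -sess_in "$tmp/sess" -early_data "$tmp/req" < /dev/null 2>&1 | classify_early_data)
    rm -rf "$tmp"
    echo "ticket max early data: ${limit:-none}; resumption: $result"
}

if [ "$#" -gt 0 ]; then
    probe "$1"
else
    # No host given: run the classifier on the constructed sample instead.
    printf '%s\n' "$SAMPLE_OFF" | classify_early_data
fi
```

A result of `not-sent` or `rejected` means the server did not take 0-RTT data on resumption; `accepted` means early data is enabled on whatever terminated the connection.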
(Score: 0) by Anonymous Coward on Thursday November 14 2019, @12:52AM (1 child)
For those who are a bit more lazy: https://www.ssllabs.com/ssltest/analyze.html?d=soylentnews.org&s=23.239.29.31 [ssllabs.com] and you can check yourself under "0-RTT"
(Score: 2) by The Mighty Buzzard on Thursday November 14 2019, @01:39AM
That'd include me, yes.
My rights don't end where your fear begins.
(Score: 3, Insightful) by Anonymous Coward on Thursday November 14 2019, @12:19AM
The work you guys put in is greatly appreciated, even by us ACs!
(Score: 2, Informative) by Anonymous Coward on Thursday November 14 2019, @01:52AM (4 children)
Great, now my old Seamonkey browser won't connect. Oddly, despite all the hype, a lot of sites still connect with older TLS (but usually look like crap - well, they look like crap in new browsers too). At least it should work in Retrozilla, but have been dragging my feet on setting that up.
(Score: 0) by Anonymous Coward on Thursday November 14 2019, @02:55AM (1 child)
SSL? How old is that SeaMonkey client? Even they disabled SSL by default back in 2014. Additionally, TLS 1.2 appears to have been supported from before that by at least 3 years. I definitely wouldn't recommend browsing random websites on something that old.
(Score: 3, Funny) by maxwell demon on Thursday November 14 2019, @08:14AM
So you say it's time to retire my trusty old Mosaic browser? ;-)
The Tao of math: The numbers you can count are not the real numbers.
(Score: 2) by SomeGuy on Saturday November 16 2019, @12:26AM (1 child)
It appears that since this story, someone has kindly re-enabled backwards compatibility.
(Score: 0) by Anonymous Coward on Saturday November 16 2019, @08:37PM
The SSL Labs website says that the SN server now has TLS 1.0 enabled.
(Score: 4, Informative) by maxwell demon on Thursday November 14 2019, @09:08AM (3 children)
Off-topic, but I wouldn't know a better place where to put it:
There's something wrong with the funding progress bar. The funding is slightly above 75%, but the green area is far from covering that much.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 4, Funny) by martyb on Thursday November 14 2019, @09:51AM (2 children)
Huh?
/me reloads main page, squints, nods head. Huh!
/me opens template, replaces missing "%", saves.
/me begins whistling as if nothing happened. =)
But seriously, that was a great catch and thanks for bringing it to our attention!
--martyb
Wit is intellect, dancing.
(Score: 2) by maxwell demon on Thursday November 14 2019, @11:10AM (1 child)
Thank you, too (also for the message in my SN inbox).
Sending mail to soylentnews.org addresses seems not to work with my mail provider (no idea why; the only response I got is “processing error”).
The Tao of math: The numbers you can count are not the real numbers.
(Score: 2) by The Mighty Buzzard on Sunday November 17 2019, @04:43PM
Just checked the mail logs and there's nothing in there with the address associated with your SN account. Must be something with your outgoing mail server.
My rights don't end where your fear begins.