
SoylentNews is people

Meta
posted by on Wednesday November 13 2019, @11:10PM
from the lingere dept.

Just a quick note to let those of you who care know that our load balancer finally got bumped up to openssl 1.1.x and is now TLSv1.3 happy. For those of you who are especially paranoid, "ssl_early_data" is explicitly set to "off" in the nginx conf file, actively disabling 0-RTT, even though it's disabled by default.

That's all, carry on.

  • (Score: 2) by coolgopher on Thursday November 14 2019, @12:13AM (7 children)

    by coolgopher (1157) on Thursday November 14 2019, @12:13AM (#920080)

    For those of you who are especially paranoid, "ssl_early_data" is explicitly set to "off" in the nginx conf file

    Suuuure, that's what someone would say if they wanted to lull us into a false sense of security. There is no proof of this!

  • (Score: 2) by c0lo on Thursday November 14 2019, @12:18AM

    by c0lo (156) Subscriber Badge on Thursday November 14 2019, @12:18AM (#920082) Journal

    There is no proof of this!

    [Citation needed]

    (large grin. I mean, Russell's teapot and all that)

    --
    https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
  • (Score: 2) by The Mighty Buzzard on Thursday November 14 2019, @12:19AM (2 children)

    by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Thursday November 14 2019, @12:19AM (#920084) Homepage Journal

    Join staff and do work, you can look for yourself. After the six week mandatory reeducation camp, of course.

    --
    My rights don't end where your fear begins.
    • (Score: 3, Insightful) by coolgopher on Thursday November 14 2019, @12:41AM (1 child)

      by coolgopher (1157) on Thursday November 14 2019, @12:41AM (#920090)

      <paranoia>I couldn't be sure you wouldn't just fob me off into a look-alike sandbox! Just like the moon landing!</paranoia>

      PS. I miss MDC's comments.

  • (Score: 1, Informative) by Anonymous Coward on Thursday November 14 2019, @12:48AM (2 children)

    by Anonymous Coward on Thursday November 14 2019, @12:48AM (#920094)

    You can verify early_data is off, though you can't verify the contents of the config file (or that it was read, or that it wasn't over-ridden on the command line...) externally, it's a communication protocol after all.

    The answer here https://stackoverflow.com/questions/53350763/nginx-1-15-6-with-openssl-1-1-1-earlydata-not-sent [stackoverflow.com] contains the openssl commands to verify it, or its inverse.
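
The external check described in the comment above, as an added example that is not part of the thread or of the linked answer: resume a saved TLS 1.3 session with `openssl s_client`, offer early data, and read the status line it prints. The function names and the sample lines are assumptions made for illustration; it assumes an OpenSSL 1.1.1 or later client.

```shell
#!/bin/sh
# Added example: check from the outside whether a TLS 1.3 server takes 0-RTT.
# Function names are hypothetical; needs an OpenSSL 1.1.1+ client.

# Map the early-data status line in `openssl s_client` output (stdin)
# to a verdict.
classify_early_data() {
    out=$(cat)
    case "$out" in
        *"Early data was accepted"*) echo "0rtt-enabled" ;;
        *"Early data was rejected"*) echo "0rtt-rejected" ;;
        *"Early data was not sent"*) echo "0rtt-not-offered" ;;
        *) echo "unknown" ;;   # handshake failed, no ticket, or not TLS 1.3
    esac
}

# probe_early_data HOST [PORT]
# Connection 1 saves a session ticket; connection 2 resumes it and offers
# the same HTTP request as early data.
probe_early_data() {
    host=$1
    port=${2:-443}
    tmp=$(mktemp -d) || return 1
    printf 'GET / HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\r\n' "$host" \
        > "$tmp/req"
    openssl s_client -connect "$host:$port" -servername "$host" -tls1_3 \
        -sess_out "$tmp/sess" -ign_eof < "$tmp/req" > /dev/null 2>&1
    verdict=$(openssl s_client -connect "$host:$port" -servername "$host" \
        -tls1_3 -sess_in "$tmp/sess" -early_data "$tmp/req" \
        < /dev/null 2>&1 | classify_early_data)
    rm -rf "$tmp"
    echo "$verdict"
}

# Constructed sample lines (not captured from a real host): what the second
# connection reports when the ticket advertised no early data.
SAMPLE_OFF='Reused, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Early data was not sent
Verify return code: 0 (ok)'
```

With "ssl_early_data" off, the expected result of `probe_early_data` is `0rtt-not-offered`, because the client only sends early data when the resumed ticket allows it. This reports what the server does on the wire, not what the config file says.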