Just a quick note to let those of you who care know that our load balancer finally got bumped up to openssl 1.1.x and is now TLSv1.3 happy. For those of you who are especially paranoid, "ssl_early_data" is explicitly set to "off" in the nginx conf file, actively disabling 0-RTT, even though it's disabled by default.
That's all, carry on.
(Score: 2) by coolgopher on Thursday November 14 2019, @12:13AM (7 children)
Suuuure, that's what someone would say if they wanted to lull us into a false sense of security. There is no proof of this!
(Score: 2) by c0lo on Thursday November 14 2019, @12:18AM
[Citation needed]
(large grin. I mean, Russell's teapot and all that)
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 2) by The Mighty Buzzard on Thursday November 14 2019, @12:19AM (2 children)
Join staff and do work, you can look for yourself. After the six week mandatory reeducation camp, of course.
My rights don't end where your fear begins.
(Score: 3, Insightful) by coolgopher on Thursday November 14 2019, @12:41AM (1 child)
<paranoia>I couldn't be sure you wouldn't just fob me off into a look-alike sandbox! Just like the moon landing!</paranoia>
PS. I miss MDC's comments.
(Score: 4, Touché) by The Mighty Buzzard on Thursday November 14 2019, @12:49AM
Never underestimate my desire to foist work off on someone else. It's as reliable as gravity.
My rights don't end where your fear begins.
(Score: 1, Informative) by Anonymous Coward on Thursday November 14 2019, @12:48AM (2 children)
You can verify early_data is off, though you can't verify the contents of the config file (or that it was read, or that it wasn't overridden on the command line...) externally, it's a communication protocol after all.
The answer here https://stackoverflow.com/questions/53350763/nginx-1-15-6-with-openssl-1-1-1-earlydata-not-sent [stackoverflow.com] contains the openssl commands to verify it, or its inverse.
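An added example, not part of the thread or of the linked Stack Overflow answer, of the external check described in the comment above: it reads `openssl s_client` output and reports the early-data limit the server advertises in its TLS 1.3 session ticket. The function names are hypothetical and the two sample outputs are constructed; like any external check, it shows what the server advertises, not what the config file says.

```shell
#!/bin/sh
# Added example: classify 0-RTT support from `openssl s_client` output on stdin.
# A TLS 1.3 server states its early-data limit in each NewSessionTicket, and
# s_client prints it as "Max Early Data: N". N = 0 means 0-RTT is not offered.
early_data_status() {
    awk '
        /Protocol *: *TLSv1\.3/ { tls13 = 1 }
        /Max Early Data:/       { seen = 1; if ($NF + 0 > 0) offered = 1 }
        END {
            if (!tls13)       print "no-tls13"       # handshake was not TLS 1.3
            else if (!seen)   print "no-ticket"      # no session ticket captured
            else if (offered) print "0rtt-offered"
            else              print "0rtt-disabled"
        }'
}

# Live check (needs network, so it is defined here but not called).
# $1 is host:port of a server you operate.
probe_host() {
    openssl s_client -connect "$1" -tls1_3 </dev/null 2>/dev/null |
        early_data_status
}

# Constructed s_client excerpts (not captured from any real server).
sample_off() {
    cat <<'EOF'
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Max Early Data: 0
EOF
}

sample_on() {
    cat <<'EOF'
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Max Early Data: 16384
EOF
}

sample_off | early_data_status   # prints 0rtt-disabled
sample_on  | early_data_status   # prints 0rtt-offered
```

A "no-ticket" result means the connection closed before a session ticket was printed, so the check is inconclusive rather than a pass.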
(Score: 0) by Anonymous Coward on Thursday November 14 2019, @12:52AM (1 child)
For those who are a bit more lazy: https://www.ssllabs.com/ssltest/analyze.html?d=soylentnews.org&s=23.239.29.31 [ssllabs.com] and you can check yourself under "0-RTT"
(Score: 2) by The Mighty Buzzard on Thursday November 14 2019, @01:39AM
That'd include me, yes.
My rights don't end where your fear begins.