Meta
posted by NCommander on Wednesday July 05 2023, @02:23AM
from the ssl-negotations-are-complex dept.

So, I know it's been a bit quiet here, but we're working through getting through the last few items relating to cutting over to newer infrastructure. As such, it's been working through the bug list, and there's one issue I want to get some feedback on.

Back in November when the infrastructure was upgraded to Ubuntu 22.04, a few users with older devices stopped being able to connect to SoylentNews. This confused me, since we've been using the same NGINX SSL termination setup that has been in use since at least 2016. Well, I finally found the root cause, and as it turns out, Canonical bumped up the minimum OpenSSL security level, which disabled several ciphers, and broke devices not supporting TLS 1.2 or later.

By testing the site with the SSL Labs site checker, it appears anything older than Android 4.0, or iOS 5 is broken. This mostly seems to be devices that are over a decade old at this point, and won't be able to browse the vast majority of sites on the Internet as is. We discussed this internally a bit, and I'm of the opinion that it's not worth re-enabling the older ciphers to allow these devices to reconnect, especially since we're working to modernize the stack, and get it as up to date as we can get it. I also believe we had very few users who were actually affected by this, however, as the editors did get a few emails about SN breaking after the site upgrade, I wanted to poll the community, and make sure this is not a more widespread issue than initially believed.

Ultimately, this is going to be part of a broader discussion on what we will and won't support on SoylentNews going forward, and this seems as good a place as any to get the ball rolling.

~ NCommander
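
Added example, not part of the original post or the site's own tooling: one way to measure how many clients are hitting the protocol and cipher cutoff described above is to count rejected handshakes in the NGINX error log. It assumes `error_log` is set to the `info` level (where NGINX records client-side handshake failures) and uses constructed sample lines with documentation-range addresses.

```python
import re
from collections import defaultdict

# Constructed sample lines in nginx error_log format; not real traffic.
SAMPLE_LOG = """\
2023/07/05 02:23:01 [info] 911#911: *101 SSL_do_handshake() failed (SSL: error:0A000102:SSL routines::unsupported protocol) while SSL handshaking, client: 203.0.113.7, server: 0.0.0.0:443
2023/07/05 02:24:10 [info] 911#911: *102 SSL_do_handshake() failed (SSL: error:0A0000C1:SSL routines::no shared cipher) while SSL handshaking, client: 198.51.100.20, server: 0.0.0.0:443
2023/07/05 02:25:44 [info] 911#911: *103 SSL_do_handshake() failed (SSL: error:0A000102:SSL routines::unsupported protocol) while SSL handshaking, client: 203.0.113.7, server: 0.0.0.0:443
2023/07/05 02:26:02 [info] 911#911: *104 peer closed connection in SSL handshake while SSL handshaking, client: 192.0.2.55, server: 0.0.0.0:443
2023/07/05 02:27:30 [error] 911#911: *105 open() "/srv/www/missing.png" failed (2: No such file or directory), client: 192.0.2.9, server: example.test
"""

# OpenSSL reason strings that indicate the client is too old for the server policy.
LEGACY_REASONS = {"unsupported protocol", "no shared cipher"}

HANDSHAKE_RE = re.compile(
    r"SSL_do_handshake\(\) failed \(SSL: error:(?P<detail>[^)]*)\)"
    r".*?client: (?P<client>[^,\s]+)"
)


def legacy_handshake_failures(log_text):
    """Return {reason: set of client addresses} for handshakes rejected as too old."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = HANDSHAKE_RE.search(line)
        if not m:
            continue  # unrelated log line, or the client simply disconnected
        # The reason is the last colon-separated field of the OpenSSL error string.
        reason = m.group("detail").rsplit(":", 1)[-1].strip()
        if reason in LEGACY_REASONS:
            hits[reason].add(m.group("client"))
    return dict(hits)


def affected_clients(log_text):
    """Sorted list of distinct client addresses with at least one legacy failure."""
    by_reason = legacy_handshake_failures(log_text)
    return sorted(set().union(*by_reason.values()))


if __name__ == "__main__":
    for reason, clients in legacy_handshake_failures(SAMPLE_LOG).items():
        print(f"{reason}: {len(clients)} distinct client(s)")
    print("affected:", affected_clients(SAMPLE_LOG))
```

Distinct addresses undercount users behind shared NAT and overcount scanners probing old protocol versions, so the result is a rough bound rather than a user count.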

 
  • (Score: 0, Funny) by Anonymous Coward on Wednesday July 05 2023, @07:26AM (4 children)

    by Anonymous Coward on Wednesday July 05 2023, @07:26AM (#1314487)

    Does NCommander realize that he has left this front page article open to the universe, to anonymous cowards, and any and all soylentils? I commend him for this, though janrinok is probably shitting rectangular clay objects, somewhere.

    Well, maybe not all.

    Due to excessive bad posting from this IP or Subnet, anonymous comment posting has temporarily been disabled. You can still login to post. However, if bad posting continues from your IP or Subnet that privilege could be revoked as well. If it's you, consider this a chance to sit in the timeout corner or login and improve your posting. If it's someone else, this is a chance to hunt them down. If you think this is unfair, please email admin@soylentnews.org with your MD5'd IPID and SubnetID, which are "Opend01ediscussion3c57is2goodf73232" and "5eJanrinokd472donkey06ballse8cd6".

  • (Score: 2) by janrinok on Wednesday July 05 2023, @07:44AM

    by janrinok (52) Subscriber Badge on Wednesday July 05 2023, @07:44AM (#1314490) Journal

    I kept it open for discussion. Let's see how the ACs respond, shall we?

    --
    I am not interested in knowing who people are or where they live. My interest starts and stops at our servers.
  • (Score: 3, Informative) by janrinok on Wednesday July 05 2023, @07:52AM (2 children)

    by janrinok (52) Subscriber Badge on Wednesday July 05 2023, @07:52AM (#1314491) Journal

    Due to excessive bad posting from this IP or Subnet, anonymous comment posting has temporarily been disabled.

    This is something that the AC causes. There is no manual intervention from any staff.

    --
    I am not interested in knowing who people are or where they live. My interest starts and stops at our servers.
    • (Score: -1, Offtopic) by Anonymous Coward on Wednesday July 05 2023, @08:05AM (1 child)

      by Anonymous Coward on Wednesday July 05 2023, @08:05AM (#1314494)

      You did this, janrinok! You tried to block my IP! Tricksy wanker! But, I have many IPs, and I change them frequently, as I have to, due to your blocking. Would be easier if I could know what "bad posting" was. Just getting a downmod? Or special admin intervention? Help me out here, janrinok.

      • (Score: 3, Informative) by janrinok on Wednesday July 05 2023, @08:27AM

        by janrinok (52) Subscriber Badge on Wednesday July 05 2023, @08:27AM (#1314497) Journal
        Off-topic comments in a thread requesting feedback about SSL support which look like "You did this, janrinok! You tried to block my IP! Tricksy wanker!" or perhaps "which are "Opend01ediscussion3c57is2goodf73232" and "5eJanrinokd472donkey06ballse8cd6"" are a very good way of getting Spam moderations. That would result in you being blocked.
        --
        I am not interested in knowing who people are or where they live. My interest starts and stops at our servers.